Security at SGEScore
Your data security is our top priority. Learn how we protect your information.
Our Security Commitment
At SGEScore, we understand that you're trusting us with sensitive information about your brand and business. We take this responsibility seriously and have implemented comprehensive security measures to protect your data.
Our security program is designed around industry best practices and compliance frameworks, ensuring that your data is protected at every level—from our application code to our physical infrastructure.
Security Features
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your sensitive information is always protected.
Authentication
Secure authentication powered by Supabase with support for email/password, magic links, and social providers. All passwords are hashed using bcrypt.
Infrastructure
Hosted on enterprise-grade infrastructure with automatic scaling, DDoS protection, and geographic redundancy.
Access Control
Role-based access control ensures users can only access their own data. API keys are scoped and can be revoked at any time.
Monitoring
24/7 security monitoring with automated threat detection and alerting. Regular security audits and penetration testing.
Compliance
SOC 2 Type II compliant, GDPR ready, and following industry best practices for data protection.
Certifications & Compliance
SOC 2 Type II
Security, availability, and confidentiality controls
GDPR
European data protection regulation
PCI DSS
Payment card industry data security
ISO 27001
Information security management
Security Practices
- Regular security assessments and penetration testing by third parties
- Vulnerability scanning and patch management
- Secure software development lifecycle (SSDLC)
- Employee security training and awareness programs
- Incident response plan and procedures
- Data backup and disaster recovery
- Vendor security assessments
- Security logging and monitoring
Data Protection
Data at Rest
All stored data is encrypted using AES-256 encryption. Database backups are also encrypted and stored in geographically distributed locations for redundancy.
Data in Transit
All connections to SGEScore use TLS 1.3 encryption. We enforce HTTPS across all endpoints and use HSTS to prevent downgrade attacks.
Data Retention
We retain your data only for as long as necessary to provide our services or as required by law. You can request deletion of your data at any time through your account settings.
Responsible Disclosure
We value the security research community and welcome responsible disclosure of vulnerabilities. If you discover a security issue, please report it to us privately.
Security Contact
Email: security@sgescore.com
Please include detailed steps to reproduce the issue and any relevant information about your testing environment.
Security FAQ
Where is my data stored?
Your data is stored in secure data centers in the European Union and United States, with encryption and access controls at every layer.
Who has access to my data?
Access to customer data is strictly limited to authorized personnel who need it for their job functions. All access is logged and audited regularly.
What happens if there's a data breach?
In the unlikely event of a data breach, we will notify affected users within 72 hours as required by GDPR and provide detailed information about the incident and remediation steps.
Can I request a security assessment?
Enterprise customers can request our SOC 2 report and additional security documentation. Contact our sales team for more information.