Security & Compliance
Last updated: April 23, 2026
Enterprise-Grade Security
SGC Tech AI is built for regulated enterprises. Security and compliance are baked into every layer of our platform — from infrastructure to API design to data handling.
Certifications & Compliance
SOC 2 Type II
Independently audited. Demonstrates controls over security, availability, processing integrity, confidentiality, and privacy.
GDPR Compliant
Full compliance with EU data protection regulation. Data residency controls, DPA framework, and DPIA support included.
HIPAA Eligible
For healthcare customers. BAA available. Encryption at rest and in transit. Audit logs and access controls.
ISO 27001
Information security management system certified. Covers access controls, incident management, and risk assessment.
Data Protection
- Encryption at Rest: AES-256 encryption for all stored data
- Encryption in Transit: TLS 1.3 for all data transfers
- Key Management: Cloudflare Key Management Service (KMS)
- Data Residency: EU, US, and APAC region options
- Backup & Recovery: Automated daily backups, 90-day retention
Access Controls
- Role-Based Access Control (RBAC): Admin, operator, viewer, and custom roles
- Multi-Factor Authentication (MFA): Mandatory for all production accounts
- Session Management: Automatic logout after 30 minutes of inactivity
- Audit Logging: All access logged with timestamps and IP addresses
- Single Sign-On (SSO): SAML 2.0 and OAuth 2.0 support
Infrastructure Security
- Cloud Provider: Cloudflare Workers + Cloudflare Pages (SOC 2 certified)
- DDoS Protection: Automatic DDoS mitigation at edge
- WAF Rules: OWASP Top 10 protection enabled
- API Security: Rate limiting, JWT validation, CORS enforcement
- CDN: Global edge caching with automatic failover
Incident Response
Response Time: Critical incidents acknowledged within 1 hour, updates every 4 hours
Process:
- 24/7 security monitoring
- Incident triage and severity classification
- Customer notification within SLA timeframe
- Post-incident review and remediation
- Regular security drills
Vulnerability Management
- Regular Scans: Automated vulnerability scanning (OWASP ZAP, Nessus)
- Penetration Testing: Third-party pen tests quarterly
- Security Updates: Patches deployed within 24-48 hours of disclosure
- Responsible Disclosure: Bug bounty program available (contact [email protected])
Uptime & SLA
Guaranteed Uptime: 99.9% (3 nines) for production environments
SLA Terms:
- 99.9% - 0.1% credit applied to next month
- 99.0% - 1% credit applied to next month
- Below 99.0% - 10% credit applied to next month
Contact Security
For security concerns or to report a vulnerability:
Email: [email protected]
Response time: Within 24 hours
Bug Bounty: Available for verified security researchers
Request Our SOC 2 Report
Customers and prospects can request our latest SOC 2 Type II audit report. This is typically provided under NDA.