Trust
Security at SecureWise AI
SecureWise AI helps organizations manage compliance — so we hold our own program to a high bar. This page summarizes the safeguards we operate today. It is maintained by SecureWise AI and is not an independent certification.
Encryption everywhere
TLS 1.2+ in transit and AES-256 at rest for databases, object storage, and backups.
Tenant isolation
Row-level security policies scope every read and write to the caller's organization.
Least-privilege access
Role-based access with granular permissions for members, admins, and auditors.
Hardened infrastructure
Managed cloud infrastructure with private networking, WAF, and continuous patching.
Audit logging
Immutable activity logs capture authentication, data access, and administrative actions.
Secure SDLC
Peer code review, dependency scanning, static analysis, and secret detection in CI.
Data protection
Customer Data is encrypted in transit with TLS 1.2 or higher and at rest with AES-256. Evidence uploads are stored in a private object storage bucket, protected by row-level access policies and served through short-lived signed URLs.
Authentication & access
We support email/password and OAuth providers. Sessions use short-lived access tokens with rotating refresh tokens. Administrative access to production is restricted, requires strong authentication, and is logged. Internal access follows the principle of least privilege and is reviewed periodically.
Multi-tenant isolation
Every table containing customer data enforces PostgreSQL row-level security keyed to the caller's organization. Server-side helpers verify organization membership before returning results. AI-assisted features operate only on the calling user's authorized workspace data.
Availability & backups
The platform is hosted on managed cloud infrastructure with automated daily backups and point-in-time recovery. We monitor uptime, latency, and error rates continuously and use alerting to notify our on-call engineers of degradations.
Secure development
Changes are peer-reviewed and pass automated tests, dependency scanning, static analysis, and secret detection before deployment. We track vulnerabilities in our dependencies and remediate on a risk-based SLA.
Subprocessors
We use a limited set of vetted subprocessors — including cloud hosting, authentication, storage, email, AI model providers, and error monitoring — each bound by contractual data protection commitments. A current list is available at privacy@securewise.io.
Compliance program
Our internal controls map to widely recognized frameworks (e.g., SOC 2, ISO 27001, NIST CSF, GDPR). Formal certifications are pursued as the platform matures; current attestation status is available on request under NDA.
Incident response
We maintain a documented incident response plan covering detection, containment, eradication, recovery, and post-incident review. Affected customers are notified without undue delay in accordance with our contractual and legal obligations.
Responsible disclosure
If you believe you have found a security vulnerability, please report it privately to security@securewise.io. We ask that you give us a reasonable window to remediate before public disclosure. We will acknowledge reports within 3 business days.
