TLS 1.2+ in transit · AES-256 at rest · SSO (SAML / OIDC) · Workspace isolation · SOC 2 Type II — in progress
Authentication & access
- SSO via SAML 2.0 / OIDC (Google, Apple, email + password)
- Workspace role model with least-privilege defaults
- Session expiry and forced re-auth for sensitive operations
- Optional IP allow-listing on enterprise plans
Encryption
- TLS 1.2+ in transit for all internal and external traffic
- AES-256 at rest for primary stores and backups
- Per-workspace key separation for tenant-scoped artifacts
Infrastructure
- Hardened cloud baseline on a SOC 2 / ISO 27001 cloud provider
- Logical isolation between workspaces and environments
- Automated patching and dependency vulnerability scanning
- Daily encrypted backups with point-in-time recovery
Application security
- Mandatory code review and CI security checks
- Static and dynamic scanning on every release candidate
- Annual third-party penetration test (report under NDA)
- Secret management via managed vault; no secrets in code
Data governance
- Per-field source, license, refresh, and permitted-use metadata
- Append-only consent ledger with audit export
- Workspace-level activity logs covering every export & activation
- DSAR tooling for subject access, deletion, and portability
Operations
- 24/7 monitoring with documented runbooks
- Material-incident notification within 72 hours per contract
- On-call rotation, postmortems, and customer-shared RCAs
Shared responsibility
CoreForge Data secures the platform — infrastructure, application, encryption, and data governance. Customers control their workspace: who is invited, which integrations are connected, and how prospects are contacted. Together we maintain compliant outreach.
Reporting a vulnerability
Email security@coreforge.example. We acknowledge within 2 business days and commit to a remediation timeline within 10. Public disclosure is coordinated.