Features Pricing
Open App Get Started
Security & Trust

Your data is our
responsibility.

SafiTrack is built on enterprise-grade infrastructure with security at every layer. Here's how we protect your business.

SOC 2 Type II

Audited security controls

In progress

GDPR Compliant

Full EU data protection

Active

AES-256 Encryption

Data encrypted at rest & in transit

Active

99.9% Uptime SLA

Enterprise reliability

Active

Data Protection

How we secure your data at every stage — from the moment it enters SafiTrack to long-term storage and backup.

Encryption

Active

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database connections use certificate-pinned TLS to prevent interception.

  • AES-256 encryption for all stored data
  • TLS 1.3 for all data in transit
  • Certificate-pinned database connections

Backup & Recovery

Active

Automated daily backups with point-in-time recovery. Backups are stored in geographically separate regions with independent encryption keys.

  • Daily automated backups
  • Point-in-time recovery up to 30 days
  • Geo-redundant backup storage

Data Isolation

Active

Each customer's data is logically isolated with strict row-level security policies. No customer can access another customer's records under any circumstance.

Compliance

SafiTrack is committed to meeting the regulatory and industry standards your business requires.

SOC 2 Type II

In progress

We are actively working toward SOC 2 Type II certification, covering Security, Availability, and Confidentiality trust service criteria. Our internal controls already follow SOC 2 standards.

  • Internal controls mapped to SOC 2 criteria
  • Independent auditor engaged
  • Expected completion: Q4 2026

GDPR

Compliant

SafiTrack is fully GDPR compliant. We provide data processing agreements, support data subject access requests, and offer data portability and deletion on demand.

  • Data Processing Agreements (DPA) available
  • Right to access, rectification, and erasure
  • Data portability via structured export
  • 72-hour breach notification commitment

CCPA

Compliant

For California-based users and customers, SafiTrack complies with CCPA requirements including the right to know, delete, and opt out of data sales. We never sell personal information.

Infrastructure

SafiTrack runs on modern, battle-tested cloud infrastructure built for reliability and performance.

Cloud Hosting

AWS / Supabase

Our application is hosted on enterprise-grade cloud infrastructure with automatic scaling, multi-zone redundancy, and DDoS protection. Database services run on Supabase with managed PostgreSQL.

Uptime & Monitoring

99.9% SLA

We maintain a 99.9% uptime SLA for all paid plans. Real-time monitoring, automated alerting, and on-call engineering ensure rapid incident response. Check our current status at any time.

  • 24/7 automated infrastructure monitoring
  • Public status page at status.safitrack.com
  • Incident postmortems published for major events

Network Security

Active

All API endpoints are protected by rate limiting, WAF rules, and bot detection. Edge network caching and CDN delivery minimize attack surface and improve global performance.

Access & Authentication

Fine-grained access controls and modern authentication to keep the right people in and everyone else out.

Authentication

Active

SafiTrack supports email/password authentication with bcrypt hashing, magic link sign-in, and OAuth via Google. Session management uses secure, HttpOnly, SameSite cookies with automatic expiry.

  • Bcrypt-hashed passwords with salt
  • OAuth 2.0 (Google) single sign-on
  • Automatic session timeout and re-authentication

Role-Based Access Control

Active

Granular role-based permissions let you control exactly who can view, edit, or delete data across your organization. Admin, manager, and member roles are enforced at the database level.

Audit Logging

Active

Every significant action — login, record change, export, permission update — is logged with timestamp, user identity, and IP address. Audit logs are immutable and available for admin review.

Responsible AI

How Safi AI handles your data — with clear boundaries, no training on your data, and transparent practices.

Your Data is Not Used for Training

Guaranteed

Safi AI processes your data to deliver insights and recommendations, but your data is never used to train our models or any third-party models. Your business data stays yours.

Data Residency

Configurable

AI inference runs in the same region as your primary data store. For Enterprise customers, we offer dedicated inference endpoints and configurable data residency to meet regulatory requirements.

Transparency

Active

Every AI-generated insight in SafiTrack is clearly labeled as such. We provide confidence indicators and source attribution so your team always knows the basis for recommendations.

Frequently asked questions

Common questions from security and procurement teams.

Can you provide a DPA?

Yes. We provide a GDPR-compliant Data Processing Agreement to all customers. Contact our team at security@safitrack.com to request one.

Where is my data stored?

Customer data is stored in secure, SOC 2-certified data centers. Primary hosting is in the US with options for EU data residency on Enterprise plans.

Do you support SSO?

We currently support Google OAuth for single sign-on. SAML-based SSO for Enterprise IdPs (Okta, Azure AD) is on our roadmap for Q1 2027.

How do you handle data deletion?

When you delete data or close your account, all records are permanently removed from primary storage within 30 days and from backups within 90 days.

Do you conduct penetration testing?

Yes. We engage independent third-party security firms for annual penetration tests. Additionally, we run continuous vulnerability scanning on our infrastructure.

Can I export all my data?

Absolutely. SafiTrack supports full data export in standard formats (CSV, JSON) at any time. No vendor lock-in — your data is always portable.

Questions about security?

Our team is happy to walk through our security practices, provide documentation, or complete your vendor security questionnaire.

We respond to security inquiries within 1 business day