Security
Your data security is our priority
We built SteadyOps with enterprise-grade security from day one. Your business data, customer information, and call recordings are protected by industry-leading encryption, strict access controls, and complete tenant isolation.
Infrastructure Security
AWS Cloud Infrastructure
All services run on Amazon Web Services with automated scaling, redundancy, and geographic distribution for maximum reliability.
Encryption at Rest (AES-256)
Every byte of stored data — databases, file uploads, backups, and call recordings — is encrypted using AES-256, the same standard used by financial institutions and government agencies.
Encryption in Transit (TLS 1.3)
All data transmitted between your browser and our servers is protected by TLS 1.3 encryption. API calls, file uploads, and webhook communications are all encrypted end-to-end.
Authentication & Access
Clerk OAuth Authentication
We use Clerk for identity management. No passwords are stored on our servers. Sign in with Google, Microsoft, or email magic links.
Multi-Factor Authentication
Enable MFA on your account for an extra layer of security. We support authenticator apps, SMS verification, and security keys.
Role-Based Access Control
Assign roles to team members with granular permissions. Owners, admins, and staff each see only what they need.
Data Protection
Complete Tenant Isolation
Every database query is scoped to your tenant_id. There is no way for one business to access another's data — architecturally enforced, not just policy-based.
PCI DSS Level 1 (via Stripe)
We never store, process, or transmit credit card numbers. All payment processing is handled by Stripe, which maintains PCI DSS Level 1 certification — the highest level of payment security.
AI Data Handling
Your business data is never used to train AI models. All AI processing occurs in isolated sessions with Anthropic's Claude, and data is not retained by the AI provider after processing.
Voice & Call Security
Call recordings are encrypted at rest and in transit. Our voice infrastructure is built on HIPAA-eligible services. Recordings are stored in your private, isolated storage bucket.
Audit Logging
Every significant action — logins, data exports, configuration changes, API access — is logged with timestamps and user identity for complete accountability.
Vulnerability Management
We perform regular dependency scanning, automated security testing, and code reviews. Critical vulnerabilities are patched within 24 hours of discovery.
Compliance & Certifications
CCPA Compliant
California Consumer Privacy Act
SOC 2 Type II
Service Organization Control
GDPR Ready
General Data Protection Regulation
HIPAA Eligible
Health Insurance Portability
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue in our platform, please report it responsibly. We ask that you give us reasonable time to investigate and address the issue before making any information public.
Report a Vulnerability: security@steadyops.io