Security & Compliance

Your trust is our foundation. Skopx implements enterprise-grade security measures to protect your code, data, and intellectual property.

SOC 2 Type II

Annual compliance audit

GDPR Compliant

Full data protection

ISO 27001

Security management

HIPAA Ready

Healthcare compliance

Enterprise Security Standards

We follow industry best practices to ensure your data remains secure and private

End-to-End Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your API keys and sensitive data are encrypted with additional layers of protection.

Zero Knowledge Architecture

We never store your API keys in plain text. Authentication tokens are hashed and salted. Even our team cannot access your sensitive credentials.

Infrastructure Security

Hosted on AWS with VPC isolation, WAF protection, and DDoS mitigation. All infrastructure follows least-privilege access principles.

Access Controls

Role-based access control (RBAC) with granular permissions. Support for SSO via SAML 2.0 and OIDC. Multi-factor authentication enforced.

Compliance & Auditing

Comprehensive audit logs for all actions. Regular third-party penetration testing. Annual SOC 2 Type II audits by certified auditors.

API Security

Rate limiting and DDoS protection. OAuth 2.0 and API key authentication. Webhook signature verification for all integrations.

Data Privacy & Protection

Your data belongs to you. We're committed to transparency in how we handle it.

Data Ownership

  • You retain full ownership of your data
  • Export your data anytime in standard formats
  • No vendor lock-in - easy migration
  • Delete your data permanently upon request

Data Usage

  • We never train AI models on your data
  • Your code and content remain confidential
  • No data sharing with third parties
  • Strict data minimization practices

Data Storage

  • Data residency options available
  • Encrypted backups with point-in-time recovery
  • Automatic data purging after account deletion
  • Isolated tenant data storage

Data Access

  • Strict employee access controls
  • Background checks for all staff
  • Access logged and monitored
  • Customer data access requires approval

Compliance & Certifications

We maintain rigorous compliance standards to meet your regulatory requirements

SOC 2 Type II

Certified

Annual audit covering security, availability, processing integrity, confidentiality, and privacy

GDPR

Compliant

Full compliance with EU data protection regulations including DPA availability

CCPA

Compliant

California Consumer Privacy Act compliance with data subject rights

ISO 27001

In Progress

Information security management system certification

HIPAA

Ready

Healthcare data protection with BAA available for enterprise customers

PCI DSS

Level 1

Payment card data handled by Stripe with PCI compliance

Security Features

Built-in security features to protect your organization

  • Single Sign-On (SSO) with SAML 2.0
  • Multi-factor authentication (MFA)
  • IP allowlisting for enterprise
  • Session management controls
  • Encrypted secrets management
  • Audit logs with export capability
  • Custom data retention policies
  • SCIM user provisioning
  • Webhook signature verification
  • API rate limiting
  • DDoS protection
  • Regular security updates

Incident Response

Prepared and transparent incident management process

  1. Detection: 24/7 monitoring with automated alerting for security events
  2. Assessment: Immediate triage to determine scope and severity
  3. Containment: Isolate affected systems to prevent spread
  4. Communication: Transparent updates to affected customers within 72 hours
  5. Resolution: Fix vulnerabilities and restore normal operations
  6. Review: Post-incident analysis and process improvements

Security Questions?

Our security team is here to help with compliance requirements, security questionnaires, or any concerns

Report security vulnerabilities to [email protected]