Security & Privacy

Learn how Sivvy protects your data and maintains the highest security standards.

SOC 2 Type II Compliant

Our Security Commitment

Sivvy is built with security at its core, protecting your data and infrastructure

End-to-End Encryption

All data is encrypted in transit using industry-standard TLS encryption. Your sensitive information is never stored in plain text.

Secure Infrastructure

Secure cloud hosting with enterprise-grade security controls and monitoring of all systems.

Access Control

Role-based access control, API key management, and secure authentication with optional two-factor authentication.

Compliance & Certifications

Meeting industry standards and regulatory requirements

SOC 2 Type II

Audited annually for security, availability, and confidentiality controls.

GDPR Compliant

Full compliance with European data protection regulations.

ISO 27001

Information security management system certification.

Security Practices

How we protect and secure your data

Data Protection

  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Backup: Automated daily backups with 30-day retention
  • Access Logs: Complete audit trail of all data access
  • Data Minimization: We only collect necessary information
  • Retention Policy: Data deleted according to retention schedules

Network Security

  • Firewalls: Multi-layer firewall protection
  • DDoS Protection: Advanced DDoS mitigation
  • VPC: Isolated virtual private cloud
  • Monitoring: 24/7 network monitoring and alerting

Application Security

  • Code Review: All code reviewed by security experts
  • Vulnerability Scanning: Regular automated security scans
  • Penetration Testing: Annual third-party security testing
  • OWASP Top 10: Protection against common vulnerabilities
  • Secure SDLC: Security built into the development process

Incident Response

  • 24/7 Monitoring: Continuous security monitoring
  • Response Team: Dedicated incident response team
  • Notification: Immediate customer notification
  • Forensics: Complete incident investigation

Security Disclosure Program

Help us keep Sivvy secure by reporting vulnerabilities responsibly

How to Report

If you discover a security vulnerability, please report it to us privately before public disclosure.

Contact Information

Email: security@sivvy.io

PGP Key: Available upon request

Response Timeline

  • Acknowledgment within 24 hours
  • Initial assessment within 72 hours
  • Regular updates every 5 business days
  • Resolution timeline based on severity

Guidelines

✅ Please Do

  • Report vulnerabilities privately first
  • Provide detailed reproduction steps
  • Allow reasonable time for remediation
  • Act in good faith

❌ Please Don't

  • Access or modify user data
  • Perform destructive testing
  • Social engineer our employees
  • Violate privacy or laws

Questions About Security?

Our security team is here to address your concerns and provide additional information.

This page was last updated on January 3, 2025