SocioFi
Technology

AI-Native Development: Human Verified

Security

Your Data Stays Yours.

Full transparency on how we protect your data — encryption, access controls, hosting, compliance, and what happens if something goes wrong.

Encryption
All data is encrypted in transit and at rest using industry-standard algorithms.
  • TLS 1.3 for all data in transit — between your systems, our agents, and our infrastructure.
  • AES-256 encryption at rest for all stored data, credentials, and logs.
  • Cryptographic key rotation on a quarterly schedule.
  • No sensitive data (credentials, PII) is ever logged in plain text.
Infrastructure
Your agents run on SocioFi's own managed infrastructure — not shared public cloud services.
  • Hosted on SocioFi Cloud — our own managed infrastructure with physical separation.
  • Agent workloads are isolated in containerized environments per client.
  • No cross-tenant data sharing or shared execution environments.
  • Infrastructure located in ISO 27001-certified data centers.
Access Controls
Granular role-based access so only the right people see agent data and outputs.
  • Role-based access control (RBAC) at the organization and agent level.
  • Each team member sees only the agents and outputs you authorize.
  • Full audit log of every access event — who saw what and when.
  • API access via scoped tokens with configurable permissions and expiry.
Data Handling Policy
Clear rules for what data we process, how we store it, and how long we keep it.
  • We process only the data required for agent tasks to function.
  • No data is used to train our models or shared with third parties.
  • You own all data processed by your agents at all times.
  • Data processing agreements (DPA) available for all clients.
Incident Response
When something goes wrong, you'll know fast and we'll act immediately.
  • Automated monitoring detects anomalies in agent behavior within minutes.
  • Incident response initiated within 4 hours of a confirmed security event.
  • Clients notified within 24 hours of any incident affecting their data.
  • Post-incident root cause analysis and remediation report within 5 business days.
Data Deletion Policy
When you cancel, your data is fully deleted — not archived, not retained.
  • All client data deleted within 30 days of subscription cancellation.
  • Deletion covers: inputs, outputs, logs, credentials, and configuration.
  • Deletion confirmation report available upon request.
  • Early deletion available on request before the 30-day window.
Compliance Roadmap
Our current compliance status and roadmap. We publish this openly — no marketing language.
  • SOC 2 Type II: IN PROGRESS. Audit in progress. Completion target: Q4 2026. We operate against SOC 2 controls today.
  • GDPR: READY. GDPR-ready operations. DPA available. EU data processing supported.
  • ISO 27001: HOSTED ON CERTIFIED DC. Our hosting infrastructure is in ISO 27001-certified data centers.
  • HIPAA: ON ROADMAP. BAA available for healthcare clients. Full HIPAA compliance roadmap in progress.