Enterprise-Grade Security

Your data security is our priority

We implement comprehensive security measures to protect your business data. From encryption to access controls, security is built into every layer of Serrét.

Security Features

Multiple layers of protection for your data

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256-GCM.

Access Controls

Role-based access control (RBAC) ensures users only access data they're authorized to see.

Multi-Factor Authentication

TOTP-based 2FA compatible with Google Authenticator, Authy, and other authenticator apps.

Audit Logging

Comprehensive audit trails track all data access and changes for compliance and security.

Secure Backups

Automated encrypted backups with secure off-site storage and tested recovery procedures.

Security Headers

CSP, HSTS, X-Frame-Options, and other headers protect against common web vulnerabilities.

Compliance & Certifications

Meeting international standards for data protection

GDPR

General Data Protection Regulation compliance for EU users

Compliant

Australian Privacy Act

Privacy Act 1988 and Australian Privacy Principles compliance

Compliant

SOC 2 Type II

Infrastructure provider (Supabase/AWS) certified

Via Provider

PCI DSS

Payment processing handled by certified provider (Stripe)

Via Provider

Security Practices

How we maintain security across our operations

Secure Development Lifecycle

  • Code reviews required for all changes
  • Automated security scanning in CI/CD pipeline
  • Regular dependency vulnerability checks
  • Security-focused development training

Infrastructure Security

  • Hosted on SOC 2 certified infrastructure
  • Private network isolation
  • DDoS protection and mitigation
  • Geographic redundancy for disaster recovery

Incident Response

  • 24/7 security monitoring
  • Documented incident response procedures
  • Post-incident analysis and remediation
  • Timely customer notification of breaches

Vendor Management

  • Security assessments for all vendors
  • Data processing agreements in place
  • Regular vendor security reviews
  • Minimal data sharing principles

Security FAQs

Where is my data stored?

Your data is stored in secure data centers in India (Mumbai region) operated by AWS through Supabase. Backups are stored in geographically separate locations for redundancy.

How do you handle data breaches?

We have a documented incident response plan. In the event of a breach, we will investigate immediately, contain the incident, notify affected users within 72 hours as required by GDPR, and implement measures to prevent recurrence.

Can I export my data?

Yes, you can export all your data at any time through the Data Hub in your account settings. We support exports in multiple formats including CSV, Excel, JSON, and vCard.

How long do you retain deleted data?

When you delete data, it is removed from our active systems immediately. Backups containing the data are retained for 30 days for recovery purposes, after which they are securely erased.

Do you have a bug bounty program?

We operate a responsible disclosure program. Security researchers who discover vulnerabilities can report them to security@serret.io. We acknowledge all valid reports and work to resolve issues promptly.

Have security questions?

Our team is happy to answer any questions about our security practices.

Report vulnerabilities: security@serret.io