Security

Infrastructure Security

Data Centers

Deelo's infrastructure is hosted across multiple tier-1 data center providers, including Google Cloud Platform and Amazon Web Services. Our data centers feature:

• 24/7 physical security with biometric access controls
• Redundant power supplies and cooling systems
• Fire detection and suppression systems
• Geographic redundancy for disaster recovery
• Regular third-party security assessments and penetration testing

Network Security

Our network infrastructure is protected by multiple layers of security:

• Web Application Firewalls (WAF) to protect against attacks
• DDoS mitigation and traffic filtering
• Intrusion detection and prevention systems (IDS/IPS)
• Regular vulnerability scanning and patching
• Network segmentation and micro-segmentation

Application Security

Secure Development Practices

Our engineering team follows secure coding practices and industry standards:

• OWASP Top 10 vulnerability prevention
• Mandatory code reviews for all changes
• Automated security testing in CI/CD pipelines
• Regular third-party penetration testing
• Bug bounty program for responsible disclosure

Authentication & Authorization

We provide robust authentication options to protect your accounts:

• Multi-factor authentication (MFA) with TOTP, SMS, or hardware keys
• Single Sign-On (SSO) with SAML 2.0 and OAuth 2.0/OIDC
• API key management with scoped permissions
• Session management with automatic timeout
• IP allowlisting for enhanced access control

Data Protection

Encryption

All data is encrypted to ensure confidentiality:

• In Transit: TLS 1.3 encryption for all data transfers
• At Rest: AES-256 encryption for stored data
• Backups: Encrypted backups with secure key management
• Database: Column-level encryption for sensitive fields

Data Isolation

Your data is logically isolated from other customers:

• Tenant isolation at the database level
• Separate encryption keys per organization
• Strict access controls and audit logging

Compliance & Certifications

Incident Response

We maintain a comprehensive incident response plan to quickly address any security concerns:

• 24/7 security monitoring and alerting
• Defined incident classification and escalation procedures
• Regular incident response drills and tabletop exercises
• Post-incident analysis and lessons learned
• Customer notification within 72 hours of confirmed data breaches

Organizational Security

Employee Security

Our team members undergo thorough security training and background checks:

• Background checks for all employees
• Security awareness training upon hire and annually
• Principle of least privilege access
• Secure remote work policies and endpoint protection
• Regular phishing simulations and training

Vendor Management

We carefully vet all third-party vendors and partners:

• Security assessments before engagement
• Data processing agreements (DPAs) in place
• Regular review of vendor security posture
• Limited data sharing on a need-to-know basis

Questions?

If you have questions about our security practices or would like to request our SOC 2 report, please contact our security team at security@deelo.ai.