Security & Compliance

Your data's security is our highest priority. Learn how we protect your business information with enterprise-grade security measures.

Built with Security from Day One

We implement industry-leading security practices to ensure your forecasting data and business intelligence remain protected, private, and compliant.

Encryption

AES-256 encryption at rest and TLS 1.3 in transit

Compliance

GDPR, CCPA, and SOC 2 Type II compliant

Infrastructure

Hosted on AWS with 99.9% uptime SLA

How We Protect Your Data

End-to-End Encryption

All data is encrypted both at rest using AES-256 encryption and in transit using TLS 1.3. Your forecasting data, API keys, and business intelligence are protected with military-grade encryption standards.

Secure Infrastructure

Trackura is hosted on Amazon Web Services (AWS), leveraging enterprise-grade infrastructure with built-in redundancy, DDoS protection, and continuous security monitoring. Our architecture follows AWS Well-Architected Framework best practices.

Access Controls & Authentication

Multi-factor authentication (MFA), role-based access control (RBAC), and single sign-on (SSO) options ensure that only authorized personnel can access your data. We support OAuth 2.0, SAML, and other industry-standard authentication protocols.

Regular Security Audits

We conduct regular third-party security audits and penetration testing to identify and address vulnerabilities. Our security team performs continuous monitoring and responds to incidents following industry best practices.

Automated Backups & Disaster Recovery

Your data is automatically backed up daily with point-in-time recovery capabilities. We maintain geographically distributed backups and have comprehensive disaster recovery procedures to ensure business continuity.

Data Isolation & Privacy

Each customer's data is logically isolated using tenant-specific encryption keys. We never share, sell, or use your data for any purpose other than providing our forecasting services. Your forecasts and business intelligence remain completely private.

Compliance & Certifications

GDPR

GDPR Compliant

We comply with the General Data Protection Regulation (GDPR) requirements, including data subject rights, data processing agreements, and cross-border data transfer safeguards.

  • Right to access and data portability
  • Right to erasure ("right to be forgotten")
  • Data processing agreements available

CCPA

CCPA Compliant

We comply with the California Consumer Privacy Act (CCPA), giving California residents enhanced rights over their personal information.

  • Disclosure of data collection practices
  • Right to opt out of data sales (we never sell data)
  • Non-discrimination for privacy rights exercise

SOC 2

SOC 2 Type II

Our SOC 2 Type II certification demonstrates our commitment to maintaining the highest standards for security, availability, and confidentiality.

  • Annual third-party audits
  • Comprehensive security controls
  • Reports available under NDA

Data Residency

Data Residency Options

We offer data residency options to meet regional compliance requirements. Your data can be stored in specific geographic regions as needed.

  • US, EU, and other regional hosting options
  • Data never leaves specified region
  • Contact us for enterprise options

Service Level Agreement

  • Uptime Guarantee: 99.9% (monthly uptime SLA)
  • Response Time: <1hr (for critical issues)
  • Data Retention: 90 days (point-in-time recovery)

What Our SLA Covers

  • 99.9% monthly uptime guarantee with service credits for downtime
  • Scheduled maintenance windows announced 72 hours in advance
  • 24/7 system monitoring and incident response
  • Real-time status updates at status.trackura.com

Security FAQ

Where is my data stored?

Your data is stored on Amazon Web Services (AWS) infrastructure in secure data centers. We offer data residency options in the US, EU, and other regions to meet your compliance requirements. Your data never leaves your specified region without explicit permission.

Who has access to my data?

Only authorized personnel within your organization to whom you explicitly grant access. Our engineering team has no access to customer data in normal operations. In rare cases where debugging requires data access, it's done only with your explicit permission and under strict audit controls.

Can I delete my data?

Yes, absolutely. You can delete your data at any time through the platform settings or by contacting our support team. Upon deletion, all data is permanently removed from our systems within 30 days, including backups, in compliance with GDPR and CCPA requirements.

Do you perform security testing?

Yes. We conduct regular security audits, penetration testing, and vulnerability assessments by third-party security firms. We also have a bug bounty program and encourage responsible disclosure of any security concerns.

What happens if there's a security incident?

We have a comprehensive incident response plan. In the unlikely event of a security incident, we will notify affected customers within 72 hours, provide details about the incident, and outline remediation steps taken. We maintain cyber insurance and have legal obligations to report breaches as required by law.

How do you handle API keys and credentials?

All API keys and credentials are encrypted at rest using encryption keys separate from those that protect your data. We use industry-standard secret management systems and never log or display credentials in plain text. OAuth tokens are automatically rotated and can be revoked instantly from your dashboard.

Have More Questions About Security?

Our security team is here to answer your questions and provide additional documentation for enterprise compliance review.