Security and Compliance
Dxtra maintains security practices for protecting customer data. This page describes our security approach and the compliance documentation we can provide.
Certification Status
Dxtra is not currently certified under ISO 27001, SOC 2, or other security frameworks. We maintain security best practices and can discuss our security posture with customers on request.
Security Practices
Data Protection
| Control | Implementation |
|---|---|
| Encryption at rest | AES-256 database encryption |
| Encryption in transit | TLS 1.2+ for all connections |
| Key management | Secure key storage and rotation |
| Database security | Role-based access controls |
Access Control
| Control | Implementation |
|---|---|
| Authentication | JWT access tokens with a 15-minute expiry |
| Authorization | Role-based permissions enforced by the GraphQL API |
| Session management | Configurable session policies; refresh tokens expire after 12 hours |
| MFA | TOTP-based two-factor authentication (RFC 6238 time-based one-time passwords) |
Infrastructure Security
| Control | Implementation |
|---|---|
| Cloud provider | Hosted on AWS, configured according to security best practices |
| Network security | Network isolation and security groups |
| Monitoring | Infrastructure monitoring with alerting |
| Updates | Regular security patching |
Application Security
| Control | Implementation |
|---|---|
| Input validation | GraphQL schema validation (enforces the structure of each request and the types of its arguments) |
| Access control | Row-level security enforced through GraphQL API permissions |
| Audit logging | Processing activity tracking |
| Secure development | Code review practices |
Available Documentation
For Enterprise Customers
Upon request and subject to appropriate agreements:
Security documentation:
- High-level architecture overview
- Data flow documentation
- Access control summary
- Encryption practices
Compliance information:
- Security policy summaries
- Incident response overview
- Data handling practices
Assessment support:
- Security questionnaire responses
- Architecture review sessions
- Control documentation
Documentation Process
- Submit request -- Contact support with security documentation needs
- NDA review -- Mutual NDA may be required for sensitive details
- Documentation package -- Customized based on requirements
- Follow-up -- Additional clarification as needed
Security Framework Alignment
Dxtra's security practices align with the requirements of common frameworks, though we do not hold certifications:
ISO 27001 Areas
- Information security policies
- Access control management
- Cryptographic controls
- Operations security
- Incident management
SOC 2 Trust Services Criteria
- Security -- Access controls and monitoring
- Availability -- Infrastructure redundancy
- Processing integrity -- Data validation
- Confidentiality -- Encryption and access controls
- Privacy -- Data handling practices
Industry Considerations
Financial Services
Dxtra includes encryption for data protection, access controls, audit logging, and incident tracking. Organizations requiring specific financial certifications should evaluate requirements against Dxtra capabilities.
Healthcare
Dxtra is not designed for HIPAA-regulated data. See HIPAA Considerations for details.
Government
Dxtra does not hold FedRAMP or government-specific certifications.
Security Inquiries
What We Can Provide
- Security questionnaire responses
- Architecture overview documentation
- Access control documentation
- Incident response procedure summary
Timeline
- Standard requests: 5-7 business days
- Complex assessments: 2-3 weeks
- Technical deep-dives: Scheduled based on availability
Common Questions
Do you have SOC 2 certification?
No. We maintain security practices aligned with SOC 2 principles but do not hold certification.
Do you have ISO 27001 certification?
No. We follow information security best practices but do not hold ISO certification.
Can you complete our security questionnaire?
Yes. Contact support with your questionnaire and we will respond within 5-7 business days.
Can you provide penetration test results?
Summary information from third-party assessments may be available under NDA for qualified prospects.
What about GDPR compliance?
Dxtra is designed to help customers with GDPR compliance. See GDPR Implementation for capabilities.
Related Documentation
- GDPR Implementation -- European data protection
- CCPA Implementation -- California privacy law
- HIPAA Considerations -- Healthcare considerations
- Incident Response -- Breach procedures
For security documentation requests, contact support@dxtra.ai.