Enterprise-Grade Security

Your documents contain sensitive information. CorpusFabric is built from the ground up with the security controls that government agencies and enterprises require.

Data Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Encryption keys managed via AWS KMS with automatic key rotation
  • Database-level encryption with per-tenant isolation

Access Control

  • Role-based access control (RBAC) with granular permissions
  • Workspace isolation — each organization's data is logically separated
  • SSO integration via SAML 2.0 and OpenID Connect (Enterprise plan)
  • Multi-factor authentication support for all accounts

Infrastructure

  • Hosted on AWS with multi-AZ redundancy
  • SOC 2 Type II certification on our roadmap for 2026
  • Regular penetration testing by independent third parties
  • Automated vulnerability scanning in the CI/CD pipeline

Data Residency

  • Primary data storage in US-based AWS regions
  • EU data residency available on Enterprise plans
  • No data transferred to third parties for model training
  • Customer data is never used to train or fine-tune AI models

GDPR Compliance

  • Data Processing Agreement (DPA) available for all customers
  • Right to erasure — full data deletion on request
  • Data portability — export all your data at any time
  • Privacy-by-design principles embedded in product development

Security Practices

Security is not a feature we bolt on — it is how we build and operate every part of the platform.

Tenant Data Isolation

Each customer's documents, embeddings, and chat history are stored in isolated workspaces. No data leaks between organizations.

Audit Logging

Every document access, query, and administrative action is logged with timestamps and user identity. Logs are retained for 12 months.

Backup & Recovery

Automated daily backups with point-in-time recovery. Backups are encrypted and stored in a separate AWS region.

Vulnerability Management

Automated dependency scanning, container image scanning, and regular third-party penetration tests. Critical vulnerabilities are patched within 24 hours.

Employee Security

Background checks for all employees. Security awareness training required quarterly. Access to production systems requires MFA and is restricted to essential personnel.

Secure Development

Code reviews required for all changes. Secrets management via environment variables and vault services. No customer data in development or staging environments.

Have security questions?

We are happy to complete your security questionnaire, provide our SOC 2 roadmap, or schedule a call with our security team.