Trust Center
Live security posture for ReguNav. Updated automatically as our controls change.
We never see your credentials.
Your HuggingFace / Cloudflare / AWS / GCP / Azure tokens stay in YOUR GitHub Secrets. Our reusable workflow runs inside YOUR runner. We never store your tokens, ever. Same pattern Snyk / Drata / Vanta use to clear bank vendor review.
No long-lived shared secrets between your CI and our app. Short-lived (5-min) OIDC tokens minted by GitHub, verified against GitHub JWKS, cross-checked against the calling repo. Zero replay risk.
Every state-changing decision is chain-hashed. The audit-replay engine reconstructs any audited state deterministically from the chain at any point in time. Tamper detection per-row.
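How a chain-hashed audit log supports per-row tamper detection and point-in-time replay, as an added example. This is not ReguNav's code: the row layout, field names, genesis value and sample rows are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first row's "prev" field

def row_hash(prev_hash, ts, key, value):
    # Canonical JSON so the same row always serialises to the same bytes.
    body = json.dumps({"prev": prev_hash, "ts": ts, "key": key, "value": value},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, ts, key, value):
    # Each row commits to the previous row's hash, forming the chain.
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"ts": ts, "key": key, "value": value, "prev": prev,
                  "hash": row_hash(prev, ts, key, value)})

def first_bad_row(chain):
    """Return the index of the first row that fails verification, or None."""
    prev = GENESIS
    for i, row in enumerate(chain):
        expected = row_hash(prev, row["ts"], row["key"], row["value"])
        if row["prev"] != prev or row["hash"] != expected:
            return i
        prev = row["hash"]
    return None

def replay(chain, as_of):
    """Rebuild state as of timestamp `as_of`; refuse to replay a broken chain."""
    bad = first_bad_row(chain)
    if bad is not None:
        raise ValueError(f"chain broken at row {bad}")
    state = {}
    for row in chain:
        if row["ts"] > as_of:
            break
        state[row["key"]] = row["value"]  # last write before as_of wins
    return state

def build_sample():
    # Constructed sample decisions, not real audit data.
    chain = []
    append(chain, 1, "model-x.status", "pending")
    append(chain, 2, "model-x.status", "approved")
    append(chain, 3, "model-y.status", "rejected")
    return chain
```

A chain like this only detects edits by someone who cannot also rewrite every later row, and it does not notice rows dropped from the tail, so the latest hash has to be anchored somewhere the log writer cannot modify.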
Authentication
- MFA enforced for staff
- SSO available for customers
- Hardware security keys for admins
- SAML/OIDC supported
Encryption
- TLS 1.3 in transit (HSTS preload)
- AES-256-GCM at rest
- BYOK (customer-managed keys) on Enterprise
- Encrypted backups
Access control
- Cerbos ABAC on every API request
- Tenant isolation via row-level security
- Least-privilege IAM internal access
- Quarterly access reviews
Logging + monitoring
- Audit-trail (WORM) on every customer action
- 24×7 alerting via PagerDuty
- Anomaly detection on auth events
- Log retention 90d → 7y by SKU
Resilience
- Global edge network
- Automatic failover to secondary region
- Daily off-site backups
- Quarterly DR drills
Privacy
- GDPR Art. 28 DPA available
- Sub-processor list maintained + updated
- Data subject rights workflow
- 72-hour breach notification
Vendor questionnaires
We pre-fill the standard questionnaires so your due-diligence team can finish in hours, not weeks. Available formats:
Need our audit reports or a security review?
Customers, prospects, and auditors all use the same channel. We respond within one business day.