Security Policy
Last Updated: January 2025
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using industry-standard AES-256 encryption.
Secure Access
Multi-factor authentication and strict identity management ensure only you can access your brand data.
Cloud Infrastructure
Hosted on secure, globally distributed infrastructure with automated backups and 99.9% uptime.
1. Overview
At Soruno, the security of your data is our top priority. We employ a comprehensive security framework that includes rigorous technical controls, organizational policies, and continuous monitoring to protect your information and ensure the reliability of our services.
2. Data Encryption
We use industry-standard encryption protocols to protect your data both in transit and at rest. All communications between your device and our servers are encrypted using Transport Layer Security (TLS 1.3). Data stored in our databases is encrypted using AES-256 encryption.
3. Access Controls
We implement strict access control measures based on the principle of least privilege. Access to sensitive data is restricted to authorized personnel who require it for their job functions. We use strong authentication mechanisms, including multi-factor authentication (MFA), for all internal systems.
4. Infrastructure Security
Our infrastructure is hosted on leading cloud providers (Vercel and Neon Postgres) that maintain high security standards and certifications.
- Automatic DDoS mitigation and firewall protection.
- Network isolation and secure VPC environments.
- Regular security patches and system updates.
- Geographic redundancy for critical services.
5. Data Protection
We perform automated daily backups of all critical data. These backups are encrypted and stored in secure, geographically separate locations. We regularly test our restoration procedures to ensure data can be recovered quickly in the event of a failure.
6. Incident Response
We have a dedicated incident response team and established procedures to detect, investigate, and mitigate security incidents. In the event of a data breach, we will notify affected users and relevant authorities in accordance with our legal obligations.
7. Compliance
We strive to comply with relevant security standards and regulations, including GDPR and POPIA. Our cloud providers maintain SOC 2 Type II, ISO 27001, and other key certifications, ensuring a secure foundation for our application.
8. Security Best Practices
We integrate security into our entire development lifecycle:
- Regular code reviews with a focus on security vulnerabilities.
- Automated security scanning of dependencies and application code.
- Employee security awareness training.
- Secure handling of API keys and secrets using protected environment variables.
9. Reporting Security Issues
We welcome reports from security researchers and users. If you believe you have found a security vulnerability in our service, please contact us at support@soruno.online. We will investigate all legitimate reports and strive to fix issues promptly.
10. Contact Us
For any questions regarding our security practices, please reach out to our security team at support@soruno.online