Trust Center

Security & compliance.

StrataView Apex is built for enterprise procurement. Tenant isolation at the database layer, append-only audit, defense-in-depth controls, and a SOC 2 Type II readiness program in active execution.

Disclosure posture

We're transparent about where we are. SOC 2 Type II is an active engagement with our auditor — Type I report and full Type II evidence available under NDA. Penetration testing is performed annually by a third-party firm. Security questionnaires (CAIQ, SIG-Lite) are available on request.

Architecture

How we keep customer data isolated.

Every customer is a tenant. Tenants are isolated at the database row level, the application authorization layer, and the audit log. Cross-tenant queries are not possible — even with a stolen session token.

Row-level tenant isolation

Every table has a tenant_id column and a Postgres Row-Level Security policy. The application sets app.current_tenant per session via a JWT claim; the database enforces isolation regardless of application bugs.

RBAC + deny-by-default

Four roles: Owner, Admin, Analyst, Viewer. Every API route declares required permissions; the middleware denies access by default. Permission checks happen after authentication and before any data access.

Hash-chained audit log

Every privileged action — sign-in, data export, role change, settings update — is recorded in an append-only table. Each row contains the SHA-256 of the prior row, making tampering detectable. Retained 13 months for SOC 2.
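The hash chain described above, sketched as an added example; this is not StrataView's code. The row fields, the all-zero genesis value, the JSON canonical form and the externally stored head hash are assumptions. It goes one step past the text: a chain detects edits to earlier rows, but removal of the newest rows is only caught when the head hash is anchored outside the table.

```javascript
// Added example: verifying a hash-chained audit log. Not the vendor's code.
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed prev_hash for the first row

// Hash a row over a fixed field order (assumed canonical form).
function rowHash(row) {
  const fields = [row.seq, row.ts, row.actor, row.action, row.resource, row.prev_hash];
  return createHash('sha256').update(JSON.stringify(fields)).digest('hex');
}

// Head hash: kept outside the database (assumption) to anchor the tail.
function headHash(log) {
  return log.length ? rowHash(log[log.length - 1]) : GENESIS;
}

// Append-only insert: the new row carries the SHA-256 of the prior row.
function append(log, entry) {
  return [...log, { seq: log.length + 1, ...entry, prev_hash: headHash(log) }];
}

// Walk the chain; an edit to row k surfaces as a chain break at row k + 1.
function verify(log, anchoredHead) {
  let expected = GENESIS;
  for (const [i, row] of log.entries()) {
    if (row.seq !== i + 1) return { ok: false, at: i + 1, reason: 'sequence gap' };
    if (row.prev_hash !== expected) return { ok: false, at: row.seq, reason: 'chain break' };
    expected = rowHash(row);
  }
  if (anchoredHead !== undefined && expected !== anchoredHead) {
    return { ok: false, at: log.length, reason: 'head mismatch' };
  }
  return { ok: true, at: null, reason: null };
}

// Constructed sample rows, not real audit data.
function demo() {
  const base = { ts: '2026-01-01T00:00:00Z', actor: 'alice@example.com', resource: 'demo/r1' };
  const actions = ['auth.signin.success', 'data.export', 'rbac.role.change'];
  const log = actions.reduce((l, action) => append(l, { ...base, action }), []);
  const anchor = headHash(log);
  const edited = log.map((r) => (r.seq === 2 ? { ...r, action: 'data.view' } : r));
  const truncated = log.slice(0, 2);
  return {
    intact: verify(log, anchor),
    edited: verify(edited),
    truncatedNoAnchor: verify(truncated), // passes: the chain alone cannot see a missing tail
    truncatedAnchored: verify(truncated, anchor),
  };
}
console.log(demo());
```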

Authentication

Passwords hashed with bcrypt (cost 12). MFA via TOTP — required for Enterprise, optional for Portfolio, available for Core. JWT access tokens (15 min) + rotating refresh tokens (7 day, single-use). Cookies set HttpOnly, Secure, SameSite=Strict.

Encryption

TLS 1.3 in transit (HSTS preload-eligible). AES-256 at rest for the database and backups. Application secrets stored in Netlify environment variables, rotated on a 90-day cadence.

Network controls

Per-account IP allowlists for Enterprise. Per-IP and per-account rate limits on auth endpoints. CORS locked to strataview.earth. Web application firewall in front of all functions.

SOC 2 Trust Services Criteria

Control mapping.

A subset of our controls and how they map to the AICPA Trust Services Criteria. The full mapping (CC1–CC9 plus Availability, Confidentiality, and Processing Integrity) is available under NDA.

TSC | Control | Implementation
CC6.1 | Logical access — provisioning & deprovisioning | RBAC with least-privilege defaults; offboarding revokes session + refresh tokens within 60s.
CC6.2 | Authentication of users | Bcrypt passwords + TOTP MFA; password policy enforces NIST SP 800-63B Level 2.
CC6.3 | Authorization & segregation of duties | Four-role RBAC + tenant scoping; Owner cannot delete the audit log of their own actions.
CC6.6 | Logical access — system credentials | Service-to-service auth via short-lived signed tokens; no long-lived API keys in code.
CC6.7 | Restriction of physical & logical access | Postgres RLS policies enforce tenant boundaries; queries without tenant_id match return zero rows.
CC6.8 | Prevention of malicious software | Dependabot + npm audit on every PR; static analysis (semgrep) runs in CI.
CC7.1 | System monitoring | Function logs + audit log + uptime monitor; SIEM ingestion for Enterprise tier.
CC7.2 | Anomaly detection | Failed-login rate alerts; cross-tenant query attempt alerts; impossible-travel detection.
CC7.3 | Incident response | Documented IR runbook; 24-hour customer notification SLA for confirmed breaches.
CC8.1 | Change management | All production changes via PR; required review; CI must pass; deploys are audited.
A1.2 | Availability — backups & recovery | Point-in-time recovery (7 days); daily encrypted snapshots retained 30 days; quarterly restore test.
C1.1 | Confidentiality — classification | Customer data classified Restricted; segregated from Sadberry Singer corporate data.
C1.2 | Confidentiality — disposal | Tenant-deletion workflow purges database rows + storage objects + cache entries within 30 days.
PI1.1 | Processing integrity — input validation | Zod schemas on every endpoint; rejected inputs logged but not persisted.

Audit Log

Who did what, from where, when.

Tenant Admins can view a real-time audit log scoped to their tenant. Every entry is immutable and tamper-evident.

Time (UTC) | Actor | Action | Resource | IP | Result
2026-05-09 21:42:18 | brandy@sadberrysinger.org | auth.signin.success | session/3f8a… | 67.182.x.x | OK
2026-05-09 21:42:42 | brandy@sadberrysinger.org | data.export | county/wayne-mi | 67.182.x.x | OK
2026-05-09 21:43:09 | analyst@acme.com | rbac.role.change | user/u_4421 → Viewer | 54.193.x.x | OK
2026-05-09 21:44:01 | - | auth.signin.failure | - | 185.220.x.x | RATE_LIMITED
2026-05-09 21:44:27 | brandy@sadberrysinger.org | tenant.settings.update | tenant/sadberry | 67.182.x.x | OK

Sample data shown for illustration. Production audit data is restricted to the tenant.

Vulnerability Disclosure

Report a vulnerability.

We welcome reports from researchers and customers. We commit to acknowledging reports within 1 business day, providing a status update within 5 business days, and delivering a remediation plan within 30 days for confirmed issues.

Contact

Email: security@strataview.earth

PGP key: /.well-known/security.txt

Please do not test against production tenants. We can provision a sandbox tenant on request.

Sub-processors

Vendors with access to customer data.

We notify customers of material changes to this list at least 30 days in advance via email and the trust center.

Vendor | Service | Data category | Region
Netlify | Static hosting + Functions | Application traffic, request logs | US (multi-region edge)
Supabase | Postgres database + auth backing store | Customer data, audit logs | US East
Resend | Transactional email | Email addresses, message metadata | US
Stripe | Subscription billing | Billing identity (no card data on our infra) | US (PCI DSS Level 1)
Cloudflare | DNS + WAF | Request metadata | Global edge

Need our security questionnaire?

We respond to CAIQ, SIG-Lite, and custom questionnaires within five business days.

Email security@strataview.earth