Security

Security at RootCascade

Your incident data is sensitive. We treat security as a core feature, not an afterthought.

Enterprise-Grade Protection

Multiple layers of security to protect your data at every level.

Encryption

All data protected with industry-standard encryption.

  • TLS 1.3 for data in transit
  • AES-256 for data at rest
  • Encrypted database backups
  • Certificate-based DB auth

Access Control

Fine-grained permissions and authentication.

  • Role-based access control (RBAC)
  • SSO / SAML 2.0 support
  • SCIM provisioning
  • Multi-factor authentication

Audit Logging

Complete visibility into all system activity.

  • Full action audit trail
  • API access logging
  • Login attempt tracking
  • Exportable for compliance

Network Security

Multiple layers of network protection.

  • VPC isolation
  • WAF protection
  • DDoS mitigation
  • IP allowlisting available

Vulnerability Management

Proactive security testing and monitoring.

  • Annual penetration testing
  • Continuous vulnerability scanning
  • Dependency monitoring
  • Bug bounty program
🚨

Incident Response

Prepared to handle security events.

  • Documented IR procedures
  • 24/7 security monitoring
  • Breach notification policy
  • Regular IR drills

Certifications & Standards

We maintain industry certifications and follow security best practices.

  • SOC 2 Type II: Audited annually for security, availability, and confidentiality
  • GDPR: Full compliance with EU data protection regulations
  • ISO 27001: Information security management certification (in progress)
  • UK DPA: Compliant with UK Data Protection Act 2018

How We Keep You Secure

Secure Infrastructure

We host on AWS in EU-West-2 (London) with VPC isolation, security groups, and infrastructure-as-code via Terraform. All infrastructure changes go through code review and automated security scanning. We use immutable deployments with no direct server access.

Application Security

We follow OWASP guidelines and secure coding practices. All code goes through peer review and automated SAST/DAST scanning. We use parameterised queries, input validation, and output encoding throughout. Dependencies are monitored and patched promptly.

Data Protection

Customer data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database access requires certificate authentication. Backups are encrypted and tested regularly. We support configurable data retention and secure deletion on request.

Employee Security

All employees undergo background checks and security training. Access to production systems requires MFA and is logged. We follow the principle of least privilege: employees only have access to what they need. Access is reviewed quarterly.

🀝

Vendor Management

We carefully vet all third-party vendors before onboarding. Sub-processors are listed in our DPA and undergo security assessment. We maintain a vendor inventory and review security postures annually. Data processing agreements are in place with all vendors.

Monitoring & Detection

We run 24/7 security monitoring with automated alerts for suspicious activity. Intrusion detection systems monitor for anomalies. All security events are logged to a SIEM for analysis. We maintain runbooks for common security scenarios.

Where Your Data Lives

Hosted on AWS with enterprise-grade infrastructure.

🌍
EU-West-2 (London)
Primary data centre location. All customer data stored in the UK by default.
⚑
99.9% Uptime SLA
Enterprise customers receive SLA guarantees with service credits.
πŸ”„
Daily Backups
Automated encrypted backups with 30-day retention and tested recovery.

Questions About Security?

Our security team is happy to answer questions and provide documentation.
