Security at WebAudit

We take security seriously. Learn about our practices, certifications, and how we protect your data.

Compliance & Certifications

SOC 2 Type II

Annual audit of security controls. Status: Certified

GDPR

EU data protection compliance. Status: Compliant

CCPA

California privacy compliance. Status: Compliant

ISO 27001

Information security management. Status: In Progress

Security Features

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Access Control

Role-based access control (RBAC) following the principle of least privilege. MFA is required for all employees.

Infrastructure

Hosted on AWS with SOC 2 certified data centers. Geographic redundancy and automatic failover.

Monitoring

24/7 security monitoring, intrusion detection, and automated alerting for anomalies.

Penetration Testing

Annual third-party penetration tests and continuous vulnerability scanning.

Incident Response

Documented incident response plan with defined escalation procedures and SLAs.

Security Practices

Secure Development

  • Secure SDLC with security reviews
  • Automated security testing in CI/CD
  • Dependency vulnerability scanning
  • Code review requirements

Employee Security

  • Background checks for all employees
  • Security awareness training
  • Confidentiality agreements
  • Access deprovisioning procedures

Data Protection

  • Data classification and handling
  • Backup and recovery procedures
  • Data retention policies
  • Secure data disposal

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. Please email security issues to our security team.

Report security vulnerabilities to:

security@webaudit.dev

Please include detailed steps to reproduce the issue. We aim to respond within 24 hours.

Questions about security?

Our security team is happy to answer questions and provide additional documentation.
