Data Security

Our approach to security and data protection

We check all the boxes so you can focus on what you do best, building your app and serving your customers.

SOC 2 Type II Certified

Annual third party security penetration tests

External code audits

Start using DSALTA

Trusted by teams worldwide

Join hundreds of top brands that trust DSALTA

Trusted by teams worldwide

Security

Security you can trust, built in.

We protect your data with modern encryption, strong identity controls, and continuous monitoring validated by independent testing and audits.

password

Encryption & key management

AES-256 at rest and TLS 1.2+ in transit, with keys managed and rotated via KMS.

fingerprint

SSO, MFA & RBAC

SAML/OIDC SSO, enforced MFA for admins, and least-privilege roles across apps and APIs.

radar

Monitoring & incident resposnse

Centralized SIEM/EDR, alerting on anomalies, 24/7 on-call, and a documented IR plan.

lock

Vulnerability & pen testing

Continuous scanning with severity-based SLAs, plus annual third-party penetration tests and verified remediation.

list_alt

Audit logging & change control

Immutable admin/data-access logs, code reviews, and gated CI/CD with approvals.

database

Backups, BC/DR & uptime

Point-in-time backups, tested restores, defined RPO/RTO, and multi-AZ availability targets.

SOC 2 Type II Certified

An independent auditor has verified the design and effectiveness of our security controls over a 12-month period. Access the latest report, pen-test summary, and core security policies in the Trust Center.

FAQs

Get clear answers to the most common questions about our security, compliance, and data practices. We're committed to transparency and helping you make informed decisions.

Can we access your SOC 2 Type II report?

Do you run external penetration tests?

Do you support SSO and MFA?

How is data encrypted?

Where is data hosted? Do you offer data residency?

How can I reach security team?

How do you manage vendors and sub-processors?

How do you handle security incidents?

What are your availability and continuity commitments?

What are your data retention and deletion practices?

How can I report security issues to DSALTA?