Encryption at Rest & Transit
AES-256 encryption for all stored data. TLS 1.3 for all communications with perfect forward secrecy.
- AES-256-GCM encryption
- Hardware Security Modules (HSM)
- Automatic key rotation
- Zero-knowledge architecture
Enterprise Security
Security built-in, by default
Your code and data are protected by enterprise-grade security. SOC 2 Type II certified with continuous compliance monitoring.
SOC 2 Type IIGDPRHIPAAISO 27001
99.99%
Uptime SLA
<72h
Breach Notification
0
Security Incidents
24/7
SOC Monitoring
Security Features
Defense in depth
Authentication & Access
Enterprise-grade identity management with multi-factor authentication and SSO support.
- Multi-Factor Authentication (MFA)
- SAML 2.0 & OpenID Connect SSO
- Role-Based Access Control (RBAC)
- Session management & timeouts
Infrastructure Security
Multi-region, enterprise-grade cloud infrastructure with DDoS protection and WAF.
- Cloudflare edge network
- DDoS protection
- Web Application Firewall
- VPC isolation
Monitoring & Detection
24/7 security monitoring with real-time threat detection and automated incident response.
- 24/7 SOC monitoring
- AI-powered threat detection
- Intrusion detection systems
- Real-time alerting
Audit & Compliance
Comprehensive audit logging with immutable records for compliance verification.
- Immutable audit logs
- User activity tracking
- API access logging
- 6+ year log retention
Data Protection
Privacy by design with data minimization, retention policies, and secure disposal.
- Data minimization
- Configurable retention
- Secure data deletion
- Data portability (export)
Security Practices
Continuous improvement
Penetration Testing
AnnualAnnual third-party penetration tests with remediation of all critical findings within 48 hours.
Vulnerability Scanning
ContinuousContinuous automated scanning of infrastructure and application code for vulnerabilities.
Security Training
QuarterlyAll employees complete security awareness training and phishing simulations.
Access Reviews
QuarterlyRegular review of access permissions following least-privilege principles.
Found a vulnerability?
We take security seriously. Report vulnerabilities responsibly and we'll work with you to resolve them quickly.
Headquarters
#13258
Chicago, IL 60605
United States
Octave-X, Inc.
1449 S Michigan Ave#13258
Chicago, IL 60605
United States
Security Team
General: security@chromaflow.ai
Vulnerabilities: security-reports@chromaflow.ai
Phone: (833) 941-3289