Security, Privacy & Transparency

At #divisions, trust isn't just a feature; it's the foundation of everything we build. This center provides complete visibility into our security practices, compliance posture, and data handling standards.

SOC 2 Type II Certified
ISO 27001 Aligned
GDPR & CCPA Compliant

Security Architecture

We implement defense-in-depth strategies across every layer of our infrastructure.


Encryption & Key Management

All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Keys are managed through HSM-backed KMS with automatic rotation and strict access controls.


Access Control & IAM

Zero-trust architecture with RBAC and ABAC policies. Multi-factor authentication is enforced for all administrative access and privileged operations.


Continuous Monitoring

24/7 security operations center (SOC) monitoring with AI-driven anomaly detection, real-time alerting, and automated incident response workflows.


Vulnerability Management

Automated SAST/DAST scanning in CI/CD pipelines, quarterly penetration testing by accredited third parties, and a responsible disclosure program.


Physical & Environmental

Data hosted in Tier III+ facilities with biometric access, redundant power, fire suppression, and strict visitor logging protocols.


Incident Response

Formalized IR playbooks tested quarterly. 24/7 response team with documented SLAs for containment, eradication, and transparent post-incident reporting.

Compliance & Certifications

We maintain rigorous compliance standards to protect your data and meet regulatory requirements.

  • SOC 2 Type II: Certified
  • ISO 27001: Certified
  • GDPR: Compliant
  • CCPA / CPRA: Compliant
  • HIPAA (BAA): Available
  • CJIS: In Progress

Data Privacy & Handling

Transparent policies governing how we collect, process, store, and protect your information.

Data Collection

  • Only data necessary for service delivery is collected
  • Explicit consent required for optional analytics
  • No third-party ad tracking or data brokering
  • Privacy by design in all product development

πŸ—„οΈ Data Storage & Retention

  • Data stored in geographically redundant regions
  • Customer-controlled retention policies
  • Automatic encryption at rest and in transit
  • Secure deletion after retention period expires

Cross-Border Transfers

  • Data residency options available by region
  • Standard Contractual Clauses for EU transfers
  • Explicit customer consent for jurisdiction changes
  • Regular data mapping and classification audits

πŸ—‘οΈ Deletion & Export

  • Self-service data export in standard formats
  • Right to erasure honored within 30 days
  • Automated backup purging aligned to retention
  • Audit trails for all deletion requests

Availability & Reliability

Engineered for resilience with redundant infrastructure and proactive monitoring.

  • 99.99% uptime SLA
  • < 15m incident response
  • 3 geographic regions
  • 24/7 SOC monitoring


Vulnerability Disclosure

We welcome responsible disclosure and actively collaborate with security researchers.

If you believe you've discovered a security vulnerability in #divisions products or infrastructure, we encourage you to report it to our security team.

We review all submissions promptly and will acknowledge receipt within 48 hours. Critical vulnerabilities are prioritized for immediate patching and coordination.

We do not take legal action against researchers who act in good faith, maintain confidentiality, and follow responsible disclosure guidelines.

security@divisions.io

Responsible Disclosure Policy

  • In Scope: API endpoints, web applications, customer portals, infrastructure components
  • Out of Scope: Third-party services, social media, physical security, DoS attacks
  • Reporting: Email security@divisions.io with subject "Security Report"
  • Timeline: 48h acknowledgement, 14d triage, coordinated disclosure
  • Bounty: Bug bounty program for validated critical/high findings
  • Safe Harbor: Legal protection for good-faith researchers

Documentation & Reports

Access our latest compliance reports, security whitepapers, and legal agreements.

  • SOC 2 Type II Report (2024): PDF • 2.4 MB • Updated Q3 2024
  • Security & Architecture Whitepaper: PDF • 1.8 MB • Updated Oct 2024
  • Data Processing Agreement (DPA): PDF • 850 KB • GDPR/CCPA Compliant
  • Privacy Policy & Terms of Service: HTML • Latest Version

Frequently Asked Questions

Common questions about security, compliance, and data handling.

We operate across three primary regions: US East, EU (Frankfurt), and APAC (Singapore). Enterprise customers can specify data residency requirements during onboarding. All data remains within your selected jurisdiction unless explicitly authorized otherwise.

All subprocessors undergo rigorous security assessments before integration. We maintain a public subprocessor list and require equivalent data protection commitments. Customers are notified 30 days before any new subprocessor engagement.

We acknowledge security incidents within 48 hours, provide initial containment updates within 4 hours, and deliver a detailed post-incident report within 14 business days. Critical infrastructure outages trigger immediate customer notifications.

Absolutely. Enterprise customers can request tailored security questionnaires, pen test results (redacted), or schedule third-party audits. Our trust team will coordinate access and documentation within 5 business days.

Yes. #divisions is prepared to execute a Business Associate Agreement (BAA) for covered entities handling PHI. Enhanced logging, access controls, and data masking features are available for healthcare workflows. Contact sales for HIPAA enablement.