Security
How we protect your data and keep the platform secure.
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed with bcrypt.
Authentication
Session-based auth with secure HTTP-only cookies, CSRF protection, and JWTs. SSO is supported on Enterprise.
Access Control
All API endpoints verify authentication and scope data to the authenticated user. No cross-tenant data access is possible.
Infrastructure
Hosted on SOC 2-compliant infrastructure with automated backups, network isolation, and DDoS protection.
Regular Audits
We conduct regular security reviews and dependency audits. Vulnerabilities are patched within 48 hours of disclosure.
Incident Response
Documented incident response plan with defined roles, communication procedures, and post-mortem process.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly to security@ansview.app. We ask that you give us reasonable time to address the issue before public disclosure. We do not pursue legal action against good-faith security researchers.
Compliance
- GDPR compliant (see our GDPR page)
- SOC 2 Type II infrastructure
- Regular penetration testing
- Data Processing Agreements with all sub-processors