Security
Last updated: May 2026
Security is foundational to everything we build at Analitiq. As a data integration platform handling sensitive enterprise data, we apply industry-leading practices to protect customer information.
Encryption
AES-256 encryption at rest and TLS 1.2+ in transit for all customer data.
Access Control
Role-based access, least-privilege principles, MFA enforced for all employees.
EU Data Residency
All customer data is stored and processed within the European Union.
SOC 2 Type II
Annual independent audits of our security, availability, and confidentiality controls.
GDPR Compliant
Full alignment with GDPR including DPA, SCCs, and data subject rights workflows.
Continuous Monitoring
24/7 infrastructure monitoring, audit logging, and automated threat detection.
Infrastructure
Our platform runs on enterprise-grade cloud infrastructure (AWS, GCP, Azure) within EU regions. Production environments are network-isolated, hardened, and protected by web application firewalls and DDoS mitigation.
Application Security
- Secure software development lifecycle (SSDLC) with mandatory peer review
- Automated static and dynamic security testing (SAST/DAST) on every release
- Regular third-party penetration tests
- Dependency scanning and automated vulnerability patching
Data Protection
- Customer credentials are encrypted with envelope encryption and stored in a managed secrets vault
- Strict tenant isolation across all storage and compute layers
- Configurable data retention with automated purging
- Customer-controlled deletion and export at any time
Incident Response
We maintain a documented incident response plan with defined escalation paths. In the event of a confirmed Personal Data Breach, affected customers are notified without undue delay and within 72 hours, in line with GDPR Article 33.
Reporting a Vulnerability
If you believe you have found a security vulnerability, please email security@analitiq.ai. We appreciate responsible disclosure and will respond within two business days.