Complynz Security Practices
At Complynz, we practice what we preach. As a compliance and data protection platform, we maintain enterprise-grade security across every layer of our infrastructure. Our security architecture is designed with defense-in-depth principles to protect your sensitive compliance data.
Application Security
- Web Application Firewall (WAF) — A WAF inspects every incoming request and blocks common attack patterns such as SQL injection, cross-site scripting and other OWASP Top 10 payloads before they reach application logic. It is a filtering layer in front of the application, not a replacement for the server-side validation and access controls described below.
- Rate Limiting — Per-endpoint and per-user rate limits throttle brute-force login attempts, credential stuffing and API abuse.
- Input Validation and Sanitization — All user input is validated server-side against strict schemas (type, length, format and allowed values) before it is processed. Schema validation rejects malformed input and guards against data corruption; because injection resistance ultimately depends on how each value is handled at its sink (a query, a template, a command), validation is treated as one layer of defence rather than the whole of it.
- Security Headers — Comprehensive HTTP security headers including Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and Referrer-Policy are enforced on every response.
Data Protection
- Encryption at Rest — All data is encrypted at rest using AES-256 encryption. Database backups and file storage are also encrypted.
- Encryption in Transit — All connections use TLS 1.2 or higher with strong cipher suites; older protocol versions and weak suites are not offered, so a client cannot negotiate down to them. HSTS is enforced so browsers refuse to reach our domains over plaintext HTTP, which blocks SSL-stripping attacks that would otherwise downgrade a session from HTTPS to HTTP.
- Access Controls — Role-based access control (RBAC), applied under the principle of least privilege, grants each user only the data and actions their role requires.
- Data Isolation — Multi-tenant data is logically isolated at the database level. Row-level security policies bind every query to the requesting tenant's identifier, so a missing or incorrect tenant filter in application code cannot expose another tenant's rows.
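The row-level security pattern behind the Data Isolation bullet, shown as an added example in PostgreSQL syntax; this is not Complynz's schema or code, and the table, role and setting names (compliance_record, app_user, app.tenant_id) are assumptions for illustration. The block also shows the two ways such a design silently fails in practice: the application connecting as the table owner or a superuser (which bypasses RLS), and a request that never set its tenant context.

```sql
-- Added example, not Complynz's own schema: PostgreSQL row-level security
-- for one multi-tenant table. compliance_record, app_user and app.tenant_id
-- are assumed names. Run the setup as a superuser or the table owner.

CREATE TABLE compliance_record (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL,
    body      text
);

-- The application connects as a dedicated role that does not own the table.
-- Owners bypass RLS by default and superusers always do, so an application
-- running as either has no isolation at all.
CREATE ROLE app_user LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON compliance_record TO app_user;
GRANT USAGE ON SEQUENCE compliance_record_id_seq TO app_user;

ALTER TABLE compliance_record ENABLE ROW LEVEL SECURITY;
-- Apply RLS to the owner as well. No policy below names the owner, so the
-- owner gets default-deny: maintenance scripts cannot read across tenants
-- by accident. (Superusers still bypass RLS regardless of this setting.)
ALTER TABLE compliance_record FORCE ROW LEVEL SECURITY;

-- The tenant comes from a custom setting the application sets per request.
-- current_setting(..., true) returns NULL when the setting was never set,
-- and NULLIF covers the empty string left behind after a SET LOCAL
-- transaction has ended; either way the comparison is NULL and the
-- request sees no rows instead of every row.
CREATE POLICY tenant_isolation ON compliance_record
    FOR ALL
    TO app_user
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Check before shipping that RLS is both enabled and forced on the table.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM   pg_class
WHERE  relname = 'compliance_record';

-- Per-request usage. In production the application connects as app_user;
-- SET LOCAL ROLE stands in for that here so the script runs end to end.
-- SET LOCAL is scoped to the transaction, so the tenant id cannot leak to
-- the next request that reuses a pooled connection (a plain SET would).
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO compliance_record (tenant_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'DPDP consent notice');
SELECT id, title FROM compliance_record;   -- only this tenant's rows are visible
COMMIT;

-- A write that names another tenant fails the WITH CHECK clause and the
-- statement is rejected, even though the client is authenticated.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO compliance_record (tenant_id, title)
VALUES ('22222222-2222-2222-2222-222222222222', 'wrong tenant');
ROLLBACK;

-- A request that never set the tenant sees nothing rather than everything.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM compliance_record;   -- no rows are visible to app_user
COMMIT;
```

The WITH CHECK clause matters as much as USING: without it a tenant could insert or update rows stamped with another tenant's identifier, which would then be visible to that tenant. Keeping the policy keyed on a transaction-local setting rather than on the connection's role also means one pooled connection can serve many tenants safely.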
Infrastructure Security
- Secure Hosting — Hosted on enterprise-grade cloud infrastructure whose data centers are covered by SOC 2 Type II attestation reports.
- Automated Backups — Regular automated database backups with point-in-time recovery capabilities ensure data durability.
- Monitoring and Alerting — 24/7 infrastructure monitoring with automated alerts for anomalous activity, performance degradation, and security events.
- Dependency Management — Dependencies are scanned automatically for known vulnerabilities, and critical CVEs are patched on an accelerated cycle.
Compliance and Certifications
Complynz follows security best practices aligned with ISO 27001, SOC 2 and the requirements of India's Digital Personal Data Protection Act, 2023 (DPDP Act). We continuously assess our own security posture using the same tools we provide to our customers.