Security

At SecureSlate, security is at the core of everything we build. This page provides transparency into our security practices and infrastructure to help customers and prospects understand our security posture during vendor reviews.

Security program and assessments

SecureSlate complies with GDPR, NIS 2, DORA, and CCPA. We maintain internal security controls and operational practices designed to protect customer data and support security reviews.

For security documentation, questionnaires, or vendor risk assessment support, please contact security@getsecureslate.com.

Infrastructure security

Cloud infrastructure

SecureSlate is hosted on Google Cloud Platform (GCP), benefiting from enterprise-grade infrastructure with robust physical security, network isolation, and redundancy.

Least-privilege access

We enforce least-privilege access controls across all systems. Team members are granted access only to the resources necessary for their specific roles. Access requests are reviewed and approved by managers, with regular access reviews conducted quarterly.

Multi-factor authentication

MFA is enforced for all production systems, administrative consoles, and critical infrastructure. Strong authentication uses approved factors such as authenticator apps. Privileged access requires additional verification steps.

Network security

Our network is protected by Cloudflare, providing DDoS protection, WAF (Web Application Firewall), and bot management. All traffic is encrypted in transit using at least TLS 1.2 (TLS 1.3 where supported).

AI and data handling

How we use AI

SecureSlate leverages AI to enhance compliance workflows, automate document analysis, and provide intelligent recommendations. When AI features are used, customer data may be processed by our AI subprocessor (OpenAI) solely for the purpose of providing the requested service.

Data isolation and multi-tenancy

Tenant isolation

SecureSlate employs logical tenant isolation to ensure customer data is strictly separated. Each customer's data is tagged and filtered at the application layer, with access boundaries enforced through scoped access controls.

Encryption at rest

All customer data is encrypted at rest using AES-256 encryption. Encryption keys are managed by Google Cloud using Google-managed encryption keys. Database backups are also encrypted.

Encryption in transit

All data in transit is encrypted using TLS 1.2 or higher. We enforce HSTS (HTTP Strict Transport Security) and use certificate pinning where applicable.

Access controls

Internal access management

Access to production systems is strictly limited to authorized personnel who require it for their job functions. We maintain comprehensive audit logs of all access to production data and systems.

Single Sign-On (SSO)

SecureSlate supports SAML 2.0 and OIDC-based SSO for customer authentication. Enterprise customers can enforce SSO to ensure consistent authentication policies across their organization.

Team security practices

All SecureSlate team members undergo security awareness training upon onboarding and annually thereafter. We enforce strong password policies, device encryption, and screen lock requirements for all company devices.

Account deletion

Requesting data deletion

Customers can request deletion of their account and all associated data by contacting support@getsecureslate.com or through their account settings. Data deletion requests are processed in accordance with our data retention policies and applicable legal requirements.

Deletion SLA

We complete data deletion within 30 days of receiving a verified request. This includes:

  • Active database records
  • Cached data and CDN content
  • Log data (within retention limits required for security and compliance)
  • Backup data (as backups rotate, typically within 90 days)

Some data may be retained longer if required by law or for legitimate business purposes such as fraud prevention, security investigations, or compliance with legal obligations.

Vulnerability disclosures

Security contact

If you believe you've discovered a security vulnerability in SecureSlate, please report it to us at security@getsecureslate.com. We encourage responsible disclosure and will work with you to address any confirmed issues.

Response commitment

We commit to acknowledging vulnerability reports within 2 business days. Our security team will assess reported issues and provide updates on our investigation and remediation progress. We strive to resolve critical vulnerabilities within 30 days.

Bug bounty program

SecureSlate does not currently operate a public bug bounty program. We appreciate responsible disclosure from security researchers and will recognize their contributions where appropriate.

Safe harbor

We support safe harbor for security researchers who:

  • Make good faith efforts to avoid privacy violations and service disruptions
  • Do not access, modify, or delete data belonging to others
  • Provide sufficient information to reproduce and verify the vulnerability
  • Do not publicly disclose vulnerabilities before we've had reasonable time to address them

We will not take legal action against researchers who follow these guidelines.


For additional security information or to request documentation, please contact us at security@getsecureslate.com.