Security at Krauvix

Your procurement data is sensitive. Here is exactly how we protect it.

AES-256 EncryptionTLS 1.3 in TransitSOC 2 In ProgressGDPR Compliant

Infrastructure

Deployed on Vercel Edge Network with Supabase (AWS us-east-1). 99.9% uptime SLA.

All data encrypted with AES-256. Database encryption enabled at the storage layer.

All connections enforced over TLS 1.3. HTTP traffic is redirected to HTTPS automatically.

Automated daily backups with 30-day retention. Point-in-time recovery available on Enterprise plan.

Static assets served from Vercel's global edge network across 40+ regions.

Cloudflare-backed DDoS mitigation and rate limiting on all API endpoints.

Multi-factor authentication (TOTP) available for all users
Role-based access control (RBAC) with granular permissions
Session management: automatic logout after inactivity
Admin audit log: every login, data export, and settings change is logged with IP and timestamp
Row-level company isolation: your data is never accessible to other tenants

SOC 2 Type II: Audit in progress. Target completion: Q4 2026. Contact us for our current security questionnaire responses.
GDPR: Krauvix acts as a Data Processor. DPA available on request. Data subject rights (access, deletion, portability) supported.
CCPA: California consumer privacy rights honored. See our Privacy Policy.
Data Residency: Data stored in AWS us-east-1 (N. Virginia). EU data residency available on Enterprise plan (roadmap Q1 2027).

We conduct regular dependency audits and apply security patches within 48 hours of disclosure.
Responsible disclosure: security@krauvix.com. We respond within 24 hours.
No third-party code execution in your tenant environment.

Production database access is restricted to 2 engineers with MFA required.
No Krauvix employee can read your data without explicit written consent from your account admin.
All team members sign NDAs and complete security training annually.

Download our Security Questionnaire or contact security@krauvix.com