Trust

Security is the product.

The largest regulated enterprises in the world run on Datrix. Here's how we earn that trust, at every layer of the stack.

Certified

SOC 2 Type II, ISO 27001, HIPAA. Reports available under NDA.

Encrypted

AES-256 at rest, TLS 1.3 in transit. Customer-managed KMS keys.

Access-controlled

SSO, SCIM, RBAC, row-level policies enforced at query time.

Audited

Immutable audit logs streamed to your SIEM. Retention up to 7 years.

Isolated

Optional single-tenant VPC deployment. Your data never leaves your cloud.

Observable

Continuous vulnerability scanning, third-party pen tests, public status page.

Certifications

Audited, certified, and always improving.

We maintain the certifications and attestations that regulated industries require. Reports are available to customers and prospects under NDA.

SOC 2 Type II

Annual audit covering security, availability and confidentiality controls.

ISO 27001

Certified information security management system (ISMS).

HIPAA

Business Associate Agreements and safeguards for healthcare data.

GDPR

Data processing agreements, DPO access and cross-border transfer safeguards.

PCI DSS

Tokenized card-data flows and scoped environment controls.

CCPA / CPRA

Privacy controls and consumer-rights workflows for California residents.

Security layers

Built in, not bolted on.

Security is woven into every layer of Datrix — from infrastructure and identity to data handling and third-party risk.

Secure architecture

Datrix runs on isolated, hardened infrastructure. Production environments are separated by environment and customer, with zero direct access from public networks.

Identity & access

SAML 2.0 and OIDC SSO, SCIM user provisioning, multi-factor authentication, and least-privilege service accounts. Every access decision is logged and auditable.

Data protection

All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Bring your own KMS key for full control over sensitive datasets and backups.

Availability & resilience

Multi-region failover, encrypted backups, point-in-time recovery, and published SLAs. Infrastructure-as-code keeps environments consistent and recoverable.

Residency & compliance

Choose where data is stored and processed. Support for regional data residency, processing agreements and regulated-industry workflows.

Vendor security

We assess every vendor with the same rigor we apply to our own platform. Subprocessors are listed in our trust documentation and reviewed annually.

Security practices

How we stay ahead of threats.

  • Quarterly third-party penetration tests and continuous vulnerability scanning.

  • Automated dependency scanning and secure CI/CD pipelines with signed artifacts.

  • Bug bounty program and responsible disclosure process.

  • 24/7 incident response with defined escalation, containment and communication playbooks.

  • Annual security training for every employee and strict endpoint-security policy.

Need a deeper look?

Download our security whitepaper, review a summary report, or talk to our security team.