Security is the product.
The largest regulated enterprises in the world run on Datrix. Here's how we earn that trust, at every layer of the stack.
Certified
SOC 2 Type II, ISO 27001, HIPAA. Reports available under NDA.
Encrypted
AES-256 at rest, TLS 1.3 in transit. Customer-managed KMS keys.
Access-controlled
SSO, SCIM, RBAC, row-level policies enforced at query time.
Audited
Immutable audit logs streamed to your SIEM. Retention up to 7 years.
Isolated
Optional single-tenant VPC deployment. Your data never leaves your cloud.
Observable
Continuous vulnerability scanning, third-party pen tests, public status page.
Audited, certified, and always improving.
We maintain the certifications and attestations that regulated industries require. Reports are available to customers and prospects under NDA.
Annual audit covering security, availability and confidentiality controls.
Certified information security management system (ISMS).
Business Associate Agreements and safeguards for healthcare data.
Data processing agreements, DPO access and cross-border transfer safeguards.
Tokenized card-data flows and scoped environment controls.
Privacy controls and consumer-rights workflows for California residents.
Built in, not bolted on.
Security is woven into every layer of Datrix — from infrastructure and identity to data handling and third-party risk.
Secure architecture
Datrix runs on isolated, hardened infrastructure. Production environments are separated by environment and customer, with zero direct access from public networks.
Identity & access
SAML 2.0 and OIDC SSO, SCIM user provisioning, multi-factor authentication, and least-privilege service accounts. Every access decision is logged and auditable.
Data protection
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Bring your own KMS key for full control over sensitive datasets and backups.
Availability & resilience
Multi-region failover, encrypted backups, point-in-time recovery, and published SLAs. Infrastructure-as-code keeps environments consistent and recoverable.
Residency & compliance
Choose where data is stored and processed. Support for regional data residency, processing agreements and regulated-industry workflows.
Vendor security
We assess every vendor with the same rigor we apply to our own platform. Subprocessors are listed in our trust documentation and reviewed annually.
How we stay ahead of threats.
- ✓
Quarterly third-party penetration tests and continuous vulnerability scanning.
- ✓
Automated dependency scanning and secure CI/CD pipelines with signed artifacts.
- ✓
Bug bounty program and responsible disclosure process.
- ✓
24/7 incident response with defined escalation, containment and communication playbooks.
- ✓
Annual security training for every employee and strict endpoint-security policy.
Need a deeper look?
Download our security whitepaper, review a summary report, or talk to our security team.
