
Security at Infrarix

Security is not an afterthought — it's embedded into every layer of our infrastructure, from code to deployment.

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • Automatic certificate management
  • End-to-end encryption for sensitive payloads

Infrastructure

  • SOC 2 Type II compliant hosting
  • Multi-region redundancy
  • Isolated tenant environments
  • Automated infrastructure patching

Access Control

  • Role-based access control (RBAC)
  • API key rotation and scoping
  • Multi-factor authentication (MFA)
  • SSO via SAML 2.0 and OIDC

Monitoring

  • 24/7 real-time threat detection
  • Anomaly detection on API traffic
  • Automated incident response
  • Comprehensive audit logging

Compliance

  • SOC 2 Type II certified
  • GDPR compliant
  • HIPAA eligible (Enterprise)
  • Regular third-party audits

Network Security

  • DDoS protection at edge
  • Web Application Firewall (WAF)
  • IP allowlisting available
  • Private network peering (Enterprise)

Our Security Practices

Secure Development Lifecycle

All code undergoes mandatory peer review, automated static analysis (SAST), and dependency vulnerability scanning before deployment. We follow OWASP Top 10 guidelines and conduct regular penetration testing.

Incident Response

We maintain a 24/7 on-call rotation with a documented incident response plan. Security incidents are classified by severity and escalated according to predefined runbooks. Post-incident reviews are conducted for all P1/P2 events.

Data Isolation

Customer data is logically isolated at the application layer. Enterprise customers can opt for dedicated infrastructure with physical isolation. No customer data is ever used for model training or shared across tenants.

Employee Security

All employees undergo background checks and complete security awareness training. Access to production systems requires MFA and is granted on a least-privilege basis with regular access reviews.

Responsible Disclosure

We take security vulnerabilities seriously and appreciate responsible disclosure from the security research community.

If you discover a security vulnerability, please report it to security@infrarix.com. Please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any relevant screenshots or proof-of-concept code

We aim to acknowledge reports within 2 hours and provide an initial assessment within 24 hours. We will not take legal action against researchers who follow responsible disclosure practices.