Compliance
EquatorOps is designed to meet the security and compliance requirements of enterprise operations teams. This page provides an overview of our compliance posture, data handling practices, and the controls we maintain to protect your data.
1. Data Handling
Encryption at Rest
All customer data is encrypted at rest using AES-256 encryption. Database volumes, backups, and object storage are encrypted by default with keys managed through our cloud provider's key management service.
Encryption in Transit
All data in transit is encrypted using TLS 1.2 or higher. API endpoints, web interfaces, and internal service communication are all encrypted. We enforce HTTPS and HSTS on all public endpoints.
Access Controls
Customer data is logically isolated at the tenant level. Access is governed by role-based access controls (RBAC) with principle-of-least-privilege enforcement. All data access is logged and auditable.
2. Infrastructure Security
Cloud Hosting
EquatorOps is hosted on enterprise-grade cloud infrastructure with built-in redundancy, automated failover, and geographic distribution. Our hosting providers maintain SOC 2, ISO 27001, and other industry certifications.
Network Security
We maintain network segmentation, firewalls, and intrusion detection systems to protect our infrastructure. External attack surface is minimized through a zero-trust network architecture.
Monitoring and Alerting
Infrastructure and application health are monitored continuously. Automated alerting is configured for anomalous behavior, resource utilization thresholds, and security events. Logs are centralized and retained for analysis and audit purposes.
3. Organizational Controls
Access Management
Employee access to production systems follows the principle of least privilege. Access is reviewed regularly, revoked promptly upon role change or offboarding, and requires multi-factor authentication.
Incident Response
We maintain a documented incident response plan that covers identification, containment, eradication, recovery, and post-incident review. Security incidents are communicated to affected customers promptly and transparently.
Employee Training
All team members complete security awareness training upon onboarding and annually thereafter. Engineering staff receive additional training on secure development practices.
Vendor Management
Third-party vendors with access to customer data are evaluated for security posture before engagement and monitored on an ongoing basis. See our Subprocessors page for the current list.
4. Audit and Reporting
EquatorOps maintains comprehensive audit trails across all platform operations. Key audit capabilities include:
- Immutable audit logs for all data mutations and access events.
- User activity tracking with timestamps, IP addresses, and action details.
- API call logging for integration and automation monitoring.
- Exportable audit reports for regulatory review and compliance evidence.
Enterprise customers may request additional compliance documentation or schedule a security review through our contact page.
5. Security Details
For detailed information about our security architecture, data isolation model, and technical controls, visit our Security page.
Enterprise procurement teams may request our security pack, which includes control summaries, architecture documentation, and pre-filled security questionnaire responses. Visit the Security Pack page to make a request.
Questions
For compliance inquiries, contact us at: