Security & Compliance

Enterprise-Grade Security
at Every Layer

Your data never leaves your infrastructure unencrypted. Every migration is audited, validated, and compliant from day one.

Certifications

Industry-Standard Compliance

Built to meet the most demanding enterprise security requirements.

🛡️

SOC2 Type II

Annual third-party audit of security, availability, and confidentiality controls.

Certified

🇪🇺

GDPR Compliant

Full EU data protection compliance with data residency controls and right-to-erasure.

Compliant

🔐

ISO 27001

International information security management system certification.

Certified

🏥

HIPAA Ready

Healthcare data migration with Business Associate Agreements (BAA) available.

Available

Security Features

Six Layers of Protection

Security isn't an afterthought — it's the foundation every feature is built on.

🔑

End-to-End Encryption

All data encrypted with AES-256 at rest. All connections secured with TLS 1.3 in transit. Keys managed via dedicated HSM vaults.

👥

Role-Based Access Control

Fine-grained RBAC with SSO integration (SAML, OIDC). Least-privilege access enforced. Session management and IP allowlisting.

📋

Immutable Audit Logs

Every action, every connection, every schema change logged with user, timestamp, and IP. Tamper-proof and exportable for compliance.

🌐

Private Network Deployment

Deploy within your VPC via AWS PrivateLink or Azure Private Link. Your data never traverses the public internet.

🗺️

Data Residency Control

Choose exactly where your data is processed. EU, US, or APAC data residency options for GDPR and data sovereignty compliance.

🚨

Incident Response SLA

Dedicated security incident response team. P1 SLA: 1-hour response. 24/7 monitoring with automated threat detection.

Encryption Architecture

Defence in Depth

Multiple independent encryption layers ensure that even in the unlikely event one layer is compromised, your data remains protected.

✓ TLS 1.3 for all data in transit

✓ AES-256-GCM for data at rest

✓ Per-migration encryption keys

✓ HSM-backed key management

✓ Zero credential storage

Encryption Layers

Layer 1 — Transport

TLS 1.3 · Perfect Forward Secrecy · HSTS

Layer 2 — Application

AES-256-GCM · Per-session keys · Authenticated encryption

Layer 3 — Storage

AES-256 at rest · Encrypted backups · Key rotation

Layer 4 — Key Management

AWS KMS / Azure Key Vault · HSM-backed · FIPS 140-2

✓ Your credentials are never stored on Dflux.ai infrastructure

Audit Logging

Every Action. Every Moment. Logged.

Immutable, tamper-proof audit logs capture every database connection, schema change, and data access event — with full context for compliance reporting.

What's logged: User, action, resource, timestamp, IP, outcome

Retention: 90 days standard · 7 years for compliance tiers

Export: SIEM integration, CSV export, API access

Audit Log Live · UTC

14:32:01 Success Migration started — users table r.sharma

14:32:04 Info Schema validated — 48 columns system

14:33:19 Success Checkpoint — 500K rows synced system

14:35:02 Warn Latency spike 120ms — auto-throttled system

14:36:44 Success Checkpoint — 1M rows synced system

14:39:11 Info Validation started — row count check system

14:39:14 Success Validation passed — 1.2M / 1.2M rows system

Security Documentation

Request Our Full Security Package

Penetration test reports, SOC2 certificate, DPA templates, and architecture diagrams available under NDA.