Security & Trust
How we protect your data and maintain enterprise-grade security across our platform.
1. Our Security Commitment
At Signalyzé Solutions, security is built into every layer of our stack — not bolted on after the fact. From infrastructure design to application logic, every architectural decision is evaluated through the lens of data protection, access control, and resilience. We treat our clients' data with the same rigor and care we apply to our own, because earning and maintaining your trust is fundamental to everything we do.
2. Infrastructure & Encryption
Our platform is engineered with defense-in-depth principles to ensure your data is protected at every stage:
- Encryption at rest — All data is encrypted using AES-256 via our Supabase/AWS infrastructure
- Encryption in transit — All data is encrypted with TLS 1.2+ across every service and API endpoint
- Row-Level Security (RLS) — Enforced on every database table to guarantee tenant isolation
- Role-based access control — Granular permissions with mandatory multi-factor authentication (MFA) for all team members
- Regular security audits — Ongoing penetration testing and vulnerability assessments to identify and remediate risks proactively
3. Vendor Compliance
We carefully vet every vendor in our supply chain. The following matrix summarizes the compliance posture of our core data-processing vendors:
| Vendor | Service | SOC 2 Type II | Encryption |
|---|---|---|---|
| Supabase | Database | ✓ | AES-256 / TLS 1.2+ |
| Stripe | Payments | ✓ (PCI DSS Level 1) | AES-256 / TLS 1.2+ |
| HubSpot | CRM | ✓ | AES-256 / TLS 1.2+ |
| Vapi | AI Voice | ✓ (HIPAA) | TLS 1.2+ |
| Resend | ✓ | TLS 1.2+ | |
| Anthropic | AI Engine | ✓ | TLS 1.2+ |
| GitHub | Version Control | ✓ | AES-256 / TLS 1.2+ |
4. Data Handling
What We Collect
We collect business metrics, contact information, and decision records necessary to operate the Elenivo platform. We do not store financial data — all payment information stays within Stripe's PCI-compliant environment and never touches our servers.
Where It’s Stored
All client data is hosted on Supabase, which runs on AWS US-East infrastructure. Data remains within the United States and is subject to U.S. data protection laws.
Data Retention
Retention periods are configurable on a per-client basis. Automated deletion policies ensure data is purged according to your requirements. Clients may request full data deletion at any time, and we will comply within 30 days.
Data Isolation
Every client's data is isolated through Supabase Row-Level Security (RLS) policies enforced at the database layer. No client can access another client's data, regardless of application-layer logic.
5. Security Policies
Signalyzé Solutions maintains the following formal security policies:
- Information Security Policy
- Acceptable Use Policy
- Incident Response Plan
- Data Retention & Disposal Policy
- Vendor Risk Management Policy
- Business Continuity Plan
Our formal security policies are available upon request during the procurement process.
6. Contact
For security questions, vulnerability reports, or to request our security documentation, contact us at security@signalyzesolutions.com