Enterprise Security

Security at Protectron

Your compliance data is sensitive. We treat it that way.

Our Security Commitment

Protectron is built from the ground up with security as a foundational requirement, not an afterthought. We understand that compliance data—including information about your AI systems, audit trails, and evidence—requires the highest levels of protection.

We employ industry-leading security practices, maintain rigorous compliance certifications, and continuously invest in our security posture to earn and maintain your trust.

Infrastructure Security

EU Data Residency

All customer data is stored and processed exclusively within the European Union. Your data never leaves the EU. This isn't just a policy—it's architecturally enforced.

Component            Location                            Provider
Application Servers  Frankfurt, Germany (eu-central-1)   AWS
Database             Frankfurt, Germany                  AWS RDS
File Storage         Frankfurt, Germany                  AWS S3
CDN Edge             EU Points of Presence               CloudFront
Backups              Frankfurt + Ireland                 AWS

Cloud Security

Protectron is hosted on Amazon Web Services (AWS), leveraging their world-class security infrastructure:

Physical Security

24/7 security guards, biometric access controls, and comprehensive surveillance

Network Security

Multi-layer DDoS protection, web application firewalls, and network isolation

Compliance

AWS maintains SOC 2, ISO 27001, and numerous other certifications

Availability

Multi-AZ deployment for high availability and disaster recovery

Network Architecture

┌─────────────────────────────────────────────────────────────────┐
│                         Internet                                │
└─────────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────────┐
│                    CloudFront CDN + WAF                         │
│                    DDoS Protection Layer                        │
└─────────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────────┐
│                    Application Load Balancer                    │
│                    TLS Termination (TLS 1.3)                    │
└─────────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────────┐
│                         VPC (Private)                           │
│  ┌───────────────┐  ┌───────────────┐  ┌───────────────┐       │
│  │  App Servers  │  │   Database    │  │  File Storage │       │
│  │  (Private)    │  │   (Private)   │  │   (Private)   │       │
│  └───────────────┘  └───────────────┘  └───────────────┘       │
└─────────────────────────────────────────────────────────────────┘

All internal services communicate over private networks. Database and storage services are not accessible from the public internet.

Data Encryption

Encryption in Transit

All data transmitted to and from Protectron is encrypted using TLS 1.3, with TLS 1.2 as the minimum supported version.

  • API Traffic: TLS 1.3 with strong cipher suites
  • SDK Communication: TLS 1.3 with certificate pinning available
  • Dashboard: HTTPS enforced with HSTS
  • Internal Services: mTLS between microservices

Cipher Suites:

TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256

Encryption at Rest

All stored data is encrypted using AES-256-GCM.

Data Type      Key Management
Database       AWS KMS
File Storage   AWS KMS
Backups        AWS KMS
Logs           AWS KMS

Enterprise: Customer-managed keys (CMK) available for additional control.

Access Control

Authentication

User Authentication

  • Email/password with strong requirements
  • Multi-factor authentication (MFA)
  • SSO integration (SAML 2.0, OIDC)
  • Automatic session expiration

API Authentication

  • API keys with configurable scopes
  • Key rotation support
  • Rate limiting per key
  • IP allowlisting (Enterprise)

Role-Based Access Control

Role       Permissions
Owner      Full access, billing, team management
Admin      Full access except billing
Editor     Create, edit, delete content; no team management
Viewer     Read-only access
API Only   Programmatic access only

SSO Integration (Enterprise)

Supported providers and protocols: Okta, Azure AD, Google Workspace, OneLogin, SAML 2.0, OIDC

  • Just-in-time provisioning
  • SCIM for user lifecycle management
  • Enforce SSO-only authentication

Compliance & Certifications

GDPR: Compliant (EU data residency, DPA available)

SOC 2 Type II: In progress (expected Q2 2025)

GDPR Compliance

Protectron is fully compliant with the General Data Protection Regulation:

DPA: Available for all customers
Data Subject Rights: Tools to fulfill requests
Privacy by Design: Built into architecture
EU Data Residency: All data stored in EU

Incident Response

Severity   Description                                  Response Time
Critical   Active data breach, service down             < 1 hour
High       Security vulnerability, partial outage       < 4 hours
Medium     Potential vulnerability, degraded service    < 24 hours
Low        Minor issues, no immediate risk              < 72 hours

Breach Notification

In the event of a data breach:

  • Regulators: Notified within 72 hours per GDPR requirements
  • Customers: Notified without undue delay
  • Communication: Clear information about impact and remediation
  • Support: Dedicated resources for affected customers

Availability & Reliability

Uptime SLA

Plan         Uptime SLA
Starter      99.5%
Growth       99.9%
Scale        99.9%
Enterprise   99.95%

Backup & Recovery

  • Database: Continuous replication, point-in-time recovery
  • File Storage: Cross-region replication
  • Backup Frequency: Continuous + daily snapshots
  • Retention: 30 days for backups
  • RTO: < 4 hours
  • RPO: < 1 hour

Frequently Asked Questions

Where is my data stored?

All data is stored in AWS EU (Frankfurt, Germany). Data never leaves the European Union.

Is my data encrypted?

Yes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM).

Can I use my own encryption keys?

Yes, Enterprise customers can use customer-managed keys (CMK) through AWS KMS.

Do you have SOC 2?

We have SOC 2 Type I and are currently pursuing Type II certification (expected Q2 2025).

Can I get a DPA?

Yes. Our DPA is available for all customers. Contact legal@protectron.ai or download from your dashboard.

Do you support SSO?

Yes, Enterprise plans include SSO support for SAML 2.0 and OIDC providers.

Security Contact

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

Our Commitment:

  • Acknowledge receipt within 24 hours
  • Provide status updates
  • Credit researchers (with permission)
  • No legal action against good-faith reporters

Security Documentation

Available on request:

  • SOC 2 Type I Report
  • Penetration Test Executive Summary
  • Security Questionnaire (SIG, CAIQ, custom)
  • Data Processing Agreement (DPA)
  • Business Associate Agreement (BAA) for healthcare
  • Insurance Certificates

This security page is reviewed and updated quarterly. Last updated: December 2025.