Security
Tenurex security posture
We monitor your compliance. Here's how we secure our own infrastructure.
Measures
How we protect your data
Our architecture is designed for a company that helps others pass SOC 2. We hold ourselves to the same standard.
Data architecture
- Read-only API tokens — never write access
- No PII or business data stored — only control state metadata
- Evidence stored encrypted at rest (AES-256)
- Data segregated per customer tenant
Infrastructure
- Hosted on AWS us-east-1 + us-west-2
- VPC-isolated control plane
- HTTPS-only, TLS 1.3 minimum
- Penetration tested by Praetorian (2025)
Access controls
- SSO + MFA required for all Tenurex team members
- Role-based access within customer tenants
- Full audit log of all system access
- Access de-provisioned same-day for offboarding
Compliance status
- SOC 2 Type II audit in progress
- ISO 27001 implementation in progress
- Responsible disclosure policy active
- Security questions: [email protected]
Responsible disclosure
Found a vulnerability? Email [email protected] with details. We commit to acknowledging within 24 hours and resolving critical issues within 30 days. We ask that you provide us with reasonable time to investigate and address before public disclosure.