Program
Navodat operates a written information security program aligned to SOC 2 and HIPAA, with continuous monitoring and an annual third-party penetration test.
Encryption
- AES-256 at rest; TLS 1.3 in transit.
- Per-tenant data isolation with scoped retrieval keys.
Access
- Single sign-on (SAML/OIDC) and role-based access control.
- Production access requires hardware MFA and is fully audited.
Monitoring
24/7 telemetry across application, infrastructure, and agent runtime. Anomaly detection alerts on-call within minutes.
Responsible disclosure
Found a vulnerability? Email security@navodat.com with details. We respond within 72 hours and credit researchers in our hall of fame upon resolution. Please do not access data that is not yours.
Incident response
We follow a documented incident response playbook with severity-based escalation, customer notification SLAs, and post-mortems shared with affected customers.