Security at CompliVibe
We handle compliance data — the kind that goes into regulatory audits and procurement reviews. Security is not optional.
Data Encryption
- 256-bit AES encryption for all data at rest
- TLS 1.3 for all data in transit
- Encryption keys managed with industry-standard rotation policies
- No unencrypted sensitive data stored or transmitted
Access Controls
- Role-based access control (RBAC) across all platform features
- Audit logs for every user action and data access event
- Multi-factor authentication (MFA) support
- Automatic session expiry and token rotation
Compliance
- DPDP-aligned data handling and purpose limitation
- EU GDPR Data Processing Agreement (DPA) available on request
- Data residency options for sensitive compliance workloads
- Regular internal privacy impact assessments
Vulnerability Disclosure
- Responsible disclosure program — we respond within 72 hours
- Security researchers are credited for valid disclosures
- No legal action against good-faith security research
SOC 2 Type II audit in progress. Expected Q4 2026. For security questions, contact legal@complivibe.in