Security

Enterprise-grade security by design

Provisum handles sensitive security role data for enterprise migrations. Security is not an afterthought — it is built into every layer of the platform, from database isolation to API endpoint protection.

Encryption

  • AES-256-GCM encryption at rest for sensitive configuration
  • TLS 1.2+ for all data in transit
  • Supabase-managed disk encryption for database storage
  • Bcrypt password hashing with configurable work factor

Access Control

  • Role-based access control with 8 granular roles
  • Row-level security (RLS) policies on all database tables
  • Organization-scoped data isolation (multi-tenant)
  • Principle of least privilege enforced at query level

Authentication

  • Supabase Auth with JWT session management
  • 12-character minimum password policy (uppercase, lowercase, digit, special)
  • Account lockout after 5 failed attempts (5-minute cooldown)
  • SSO/SAML configuration support (Azure AD, Okta)

Audit & Monitoring

  • Comprehensive audit logging of all user actions
  • 2-year immutable audit trail retention
  • Real-time error tracking via Sentry
  • Automated incident detection with AI-powered triage

Infrastructure

  • Hosted on Vercel (SOC 2 Type II certified)
  • Database on Supabase / AWS (SOC 2, ISO 27001)
  • Database-backed rate limiting on all API endpoints
  • Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options

Data Protection

  • Customer Data processed only to deliver the Service
  • AI provider (Anthropic) does not train on Customer Data
  • Right-to-erasure API for GDPR data deletion requests
  • Data export in standard formats (CSV, Excel, PDF)

Compliance

  • GDPR-compliant data processing practices
  • SOX/ITGC audit evidence package generation
  • SOD conflict analysis aligned with SOX Section 404
  • Standard Contractual Clauses for international transfers

Application Security

  • Parameterized queries via Drizzle ORM (SQL injection prevention)
  • Content Security Policy with strict source restrictions
  • CSRF protection via Supabase cookie management
  • Input validation with Zod schemas on API endpoints

Compliance & Certifications

Provisum is designed to support your compliance requirements. Our infrastructure providers hold the following certifications:

  • SOC 2 Type II (Infrastructure)
  • ISO 27001 (Infrastructure)
  • GDPR (Infrastructure)
  • NIST CSF (Infrastructure)

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to hello@provisum.io. We will acknowledge receipt within 48 hours and provide a resolution timeline. We do not pursue legal action against researchers who follow responsible disclosure practices.

Need more details?

Enterprise customers can request our full security questionnaire responses, penetration test summaries, and a Data Processing Agreement.