Security and Compliance

Last Updated: April 1, 2025

At sos-vault, we prioritize the security and compliance of your sensitive data. Our platform implements a robust set of security practices to ensure the highest level of protection for all information stored and processed. We are committed to adhering to industry standards and best practices for data privacy and compliance. As part of our payment processing, Paddle acts as the Merchant of Record (MOR), handling all payment transactions on our behalf in full compliance with applicable regulations.

1. Data Encryption

  • End-to-End Encryption: All data stored in sos-vault is encrypted at rest and in transit using strong encryption protocols. We use AES-256 encryption for data at rest and TLS 1.2+ for secure communication over the network.
  • LUKS Encryption for Disks: Sensitive data is stored in encrypted volumes, utilizing LUKS (Linux Unified Key Setup) for full disk encryption, ensuring your data is protected against unauthorized access.

2. Access Control and Authentication

  • Role-Based Access Control (RBAC): sos-vault employs RBAC to restrict access to data based on user roles and permissions, ensuring that only authorized individuals can access sensitive data.
  • Multi-Factor Authentication (MFA): To prevent unauthorized access, we require MFA for all accounts. This adds an additional layer of protection by requiring users to authenticate through more than one method.
  • Third-Party Authentication: We support third-party authentication via Google, Facebook, and GitHub, ensuring that user login credentials are handled securely by trusted identity providers.

3. Secure Data Storage and Backup

  • Encrypted Backups: Backups of all sensitive data are encrypted and stored securely. We ensure that backups are regularly tested and stored in multiple, geographically separated locations to protect against data loss.
  • Retention and Deletion Policies: We follow strict data retention and deletion policies, ensuring that data is only kept for as long as necessary and securely deleted when no longer needed.

4. Regular Security Audits

  • Vulnerability Scanning and Penetration Testing: sos-vault undergoes regular vulnerability scanning and penetration testing by trusted third-party security experts to identify and address potential security flaws.
  • Security Updates: We continuously monitor the latest security vulnerabilities and apply patches and updates to all systems and software to mitigate any risks.

5. Compliance with Industry Standards

  • GDPR Compliance: sos-vault is compliant with the General Data Protection Regulation (GDPR), ensuring that user data is handled responsibly and with respect for privacy. Paddle, as the Merchant of Record, also ensures compliance with applicable GDPR requirements for payment processing.
  • ISO/IEC 27001: We adhere to the principles of ISO/IEC 27001, ensuring that our information security management system is designed to safeguard your data and meet the highest standards for information security.
  • SOC 2 Type II: sos-vault follows the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy, as set forth by SOC 2 Type II standards.
  • PCI DSS Compliance: Paddle, as the Merchant of Record, ensures full compliance with the Payment Card Industry Data Security Standard (PCI DSS) for payment transactions, protecting your financial data during payment processing.

6. Incident Response and Monitoring

  • 24/7 Monitoring: We maintain continuous monitoring of our platform to detect suspicious activity or potential breaches in real time.
  • Incident Response Plan: In the unlikely event of a security incident, we have a detailed incident response plan to quickly address and mitigate any risks. We also provide transparency to our customers by notifying them of any significant security events.

7. Data Privacy and User Rights

  • Data Minimization: We collect only the data necessary to provide our service, ensuring that no unnecessary personal information is stored.
  • User Control: Users have full control over their data, including the ability to view, update, and delete their information through the platform.
  • Privacy by Design: sos-vault implements privacy by design, ensuring that privacy measures are incorporated into the development and operation of the platform from the ground up.

8. Secure Communication with Support

  • Encrypted Chat Support: When you reach out to our support team, all communications are encrypted to protect your data from unauthorized access. For sensitive issues, our support team will guide you through secure channels.
  • WhatsApp Integration for Human Support: When you request to chat with a human support agent, the conversation will securely transition to your WhatsApp account, allowing two-way communication via your mobile phone.

9. Payment Processing by Paddle

As the Merchant of Record (MOR), Paddle handles all payment transactions for sos-vault, including processing payments, managing refunds, and ensuring compliance with relevant financial regulations. Paddle is fully PCI DSS compliant, ensuring that your payment information is securely processed. This separation allows sos-vault to focus on providing you with an exceptional service while trusting Paddle to handle your financial transactions securely and in full compliance with applicable laws and regulations.