Security & Compliance

Your data security and privacy are our top priorities

Our Compliance Journey

Datafaux is built with security best practices and is actively working towards industry-standard certifications. We believe in transparency about our current status and ongoing compliance efforts.

Current Status: Implementing security controls and working towards SOC 2 Type II and ISO 27001 certification

Security Standards & Certifications

🇪🇺

GDPR Ready

Aligned with EU General Data Protection Regulation for data privacy and user rights.

Status: Implementing

🔒

SOC 2 Type II

Working towards certification for security, availability, and confidentiality controls.

Status: In Progress • Target: 2026

📋

ISO 27001

Aligning with international standards for information security management systems.

Status: Planned • Target: 2026-2027

🏥

HIPAA Ready

Enterprise plans can be configured with HIPAA-compliant features.

Status: Available on Request

Security Measures

🔐 Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Database backups are also encrypted and stored securely.

🛡️ Access Controls

Role-based access control (RBAC), multi-factor authentication (MFA), and the principle of least privilege ensure only authorized personnel can access sensitive systems.

📊 Audit Logging

Comprehensive audit logs track all system access and data operations. Enterprise customers get access to detailed audit reports and real-time monitoring.

🔄 Regular Security Audits

Third-party security audits, penetration testing, and vulnerability assessments are conducted quarterly to ensure ongoing security.

💾 Data Backup & Recovery

Automated daily backups with point-in-time recovery. 99.9% uptime SLA for Enterprise customers with disaster recovery procedures in place.

🌐 Infrastructure Security

Hosted on enterprise-grade cloud infrastructure with DDoS protection, WAF, and network segmentation. Regular security patches and updates.

Data Privacy

  • No Real Data: Datafaux generates synthetic data only. We never store or process real user data.

  • Data Retention: Generated data is not stored on our servers. Schemas and history are retained per your tier limits.

  • Right to Deletion: Users can delete their account and all associated data at any time.

  • Data Portability: Export your schemas and settings in standard formats.

  • No Third-party Sharing: We never sell or share your data with third parties.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

Response Time: Within 24 hours
Bug Bounty: Available for verified vulnerabilities

Please do not publicly disclose vulnerabilities until we've had a chance to address them.

Enterprise Security Features

Need advanced security features like SSO, on-premise deployment, or custom compliance requirements?

Contact Sales