Enterprise Security

Your Supply Network Data is Sensitive. We Treat It That Way.

Supplytrx handles detailed supply chain network maps for enterprise manufacturers. We designed our security architecture with that sensitivity in mind from day one — not retrofitted.

Designed with SOC 2 Type II controls
End-to-end encryption at rest and in transit
Role-based access controls & audit logging
Architecture

Security Architecture

Data Isolation

Each customer's supply network graph is stored in a fully isolated namespace with separate encryption keys. No cross-customer data sharing, no shared indexing, no exceptions.

Encryption

All data encrypted at rest with AES-256. All data in transit protected with TLS 1.3. Customer-managed encryption key support available on Command tier.

Access Controls

Role-based access for every resource. Granular permissions per supplier node, per region, per team. SSO via SAML 2.0 / OIDC. MFA required for all user accounts.

Audit Logging

Immutable audit trail for every data access, export, API call, and permission change. Exportable to your SIEM. Log retention configurable per customer policy.

Network Security

AWS VPC isolation, private subnets, no public-facing databases. Customer networks on Command tier can connect via VPN or AWS PrivateLink. Zero trust network model.

Vulnerability Management

Continuous container scanning. Third-party penetration testing annually. Responsible disclosure program. CVSS 7+ issues remediated within 30 days.

Compliance

Compliance Posture

We're built for enterprise procurement and compliance requirements.

SOC 2 Type II

Designed with SOC 2 Type II controls covering security, availability, and confidentiality. Report available to customers under NDA.

GDPR-Ready Data Handling

Data processing agreements available. EU customer data processed in EU-region infrastructure. DPA available on request.

Data Residency

US, EU, and APAC data residency regions available. Customer data does not cross region boundaries unless explicitly authorized.

Enterprise Security Reviews

We support security questionnaires, infosec reviews, and vendor assessments. Our security team responds to enterprise InfoSec requests within 2 business days.

Responsible Disclosure

Security Reporting

We take vulnerability reports seriously. If you find a security issue in any Supplytrx system, please report it responsibly through our disclosure program. We commit to respond to all reports within 72 hours.

Security contact: [email protected]

We do not pursue legal action against good-faith security researchers who comply with our disclosure program terms.

Response SLA: 72 hours (first acknowledgement of all vulnerability reports)
Critical Patch SLA: 48 hours (for CVSS 9+ confirmed vulnerabilities)
Pen Test: Annual (third-party external penetration test, results available to customers)

Security Questions?

Our team is available to walk enterprise security teams through our architecture, answer questionnaires, and support infosec reviews.
