Security & Compliance
Living document
We hold ourselves to enterprise-grade standards even though we sell to consumers. SOC 2 Type II audit-ready. ISO 27001 in progress.
Encryption
TLS 1.3 in transit. AES-256 at rest. End-to-end encryption for remote-support sessions. Per-user keys stored in AWS KMS.
Access controls
2FA mandatory for every Alpha employee. RBAC for admin operations. Session recording for support agents.
Audit & monitoring
365-day audit log retention. Real-time anomaly detection on admin actions. Annual penetration testing by an independent third party.
Compliance frameworks
SOC 2 Type II (audit-ready) · ISO 27001 (in progress) · CCPA/CPRA · GDPR (best-effort) · HIPAA-aligned controls.
Incident response
24/7 on-call rotation. Notify affected customers within 72 hours of confirmed breach.
Bug bounty
security@alphait247.com — payouts $100–$10,000 based on severity.