Security

Security at SimplifyQA

The controls, certifications, and engineering practices that make SimplifyQA safe to deploy in regulated environments.

Certifications

SOC 2 Type II, ISO 27001, GDPR, and HIPAA-compliant deployments are available. Reports and attestation letters are available under NDA.

Identity & access

SAML 2.0 / OIDC single sign-on, SCIM 2.0 provisioning, granular role-based access control, IP allow-listing, MFA enforcement.

Encryption

TLS 1.2+ in transit, AES-256 at rest. Customer-managed keys (BYOK) available for enterprise plans.

Network & infrastructure

Hosted on AWS / Azure across regional zones. Defense-in-depth network controls, WAF, DDoS protection, and continuous vulnerability scanning.

Application security

Mandatory code review, static + dynamic analysis, third-party penetration tests at least annually, and a public responsible-disclosure program.

Audit & logging

Immutable audit logs for every state-changing action. Stream to your SIEM (Splunk, Datadog, Sumo Logic, Elastic) via webhook or API.

Deployment options

Multi-tenant SaaS, single-tenant SaaS, dedicated VPC, or fully air-gapped on-prem — depending on your compliance needs.

Incident response

24/7 on-call engineering, documented incident-response runbooks, and customer notification within contractual SLAs.

Questions? Contact us.

SimplifyQA · part of Simplify3x