Data Security Policy

Last updated: May 22, 2026

SIP Toolbox takes the security of customer data seriously. This policy describes the technical and organisational measures we apply to protect data processed by the Service.

1. Encryption

  • In transit: All traffic is served over HTTPS with TLS 1.2 or higher and HSTS.
  • At rest: Databases and object storage are encrypted with AES-256.
  • Credentials: Passwords are hashed with industry-standard one-way algorithms; we never store them in clear text.

2. Access control

  • Row-Level Security (RLS) enforces per-tenant data isolation in our database.
  • Administrative access is limited to authorised personnel and requires multi-factor authentication.
  • Staff are assigned least-privilege roles; access is reviewed periodically.

3. Application security

  • Strict security headers: HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
  • Input validation and parameterised queries to mitigate injection.
  • Authentication via signed JWTs with short-lived tokens.
  • Dependency scanning and timely patching of known vulnerabilities.

4. Infrastructure

  • Hosted on reputable cloud providers with SOC 2 / ISO 27001 attestations.
  • Network isolation between tenants at the database layer.
  • Regular backups with tested restore procedures.

5. Monitoring and logging

We log authentication events, administrative actions, and exceptions. Logs are retained for a limited period, and access to them is restricted.

6. Sub-processors

We use vetted sub-processors (cloud hosting, database, AI inference, email) and bind them to data-protection terms. A current list is available on request.

7. Incident response

If we become aware of a security incident affecting your data, we will investigate, contain, and notify affected customers without undue delay, consistent with applicable law (typically within 72 hours where GDPR applies).

8. Responsible disclosure

Report suspected vulnerabilities to security@siptoolboxs.com. Please give us a reasonable opportunity to investigate and remediate before public disclosure.

9. Customer responsibilities

  • Keep your account credentials confidential and enable available security features.
  • Only upload data you are authorised to share with a processor.
  • Review AI-generated outputs before acting on them.

10. Contact

Security questions: security@siptoolboxs.com.