Gateplex is built for deployment in regulated industries. Here is how we protect your data and our infrastructure.
Data Protection
All API traffic encrypted with TLS 1.3. HTTPS enforced across every endpoint. No plaintext communication permitted.
Intercept data stored with AES-256 encryption. Row-level security policies enforce strict tenant isolation at the database layer. No cross-tenant data access is possible.
API keys are hashed with bcrypt before storage. Keys never appear in logs. Keys can be rotated or revoked instantly from the dashboard.
EU and US data residency available on Enterprise plans. Customer-chosen regions available on request. Data never leaves the configured region.
Compliance Posture
Audit in progress. We follow SOC 2 controls today and can share our current security posture documentation on request under NDA.
We act as a data processor for customer data. Data subject access request workflows supported. EU data residency available. DPA available on request.
Gateplex maps to Article 12 tamper-evident logging and Article 14 human oversight requirements. Compliance exports formatted for regulatory review.
Infrastructure Security
Row-level security enforced at the database layer. Every query is scoped to the authenticated organisation. No shared data surfaces between tenants.
Every intercept record stores a SHA-256 hash of its own content and the hash of the preceding record at insert time. Chain integrity verified at compliance report generation. Deletion or modification of any record breaks the chain.
Dashboard access governed by role-based permissions. SSO via SAML and OIDC available on Enterprise plans. Okta, Azure AD, and Google Workspace supported.
Responsible disclosure program at security@gateplex.ai. 90-day disclosure policy. All valid reports acknowledged within 48 hours.
For organisations with strict data sovereignty requirements, Gateplex can be deployed entirely within your own cloud environment. Agent payloads, audit logs, and governance decisions never leave your perimeter. Policy synchronisation uses an encrypted outbound-only channel. Available on Enterprise plans. Contact us to discuss your deployment requirements.