Security & Privacy
STRProof is built on a designed-for-SOC-2 architecture. Your data is protected by enterprise-grade encryption, access controls, and audit logging — from day one.
Encrypted at Rest and in Transit
All uploaded files are encrypted with AES-256 server-side encryption in MinIO/S3. PII fields use envelope encryption at the application layer. TLS 1.3 secures every connection. Guest links are cryptographically signed with HMAC-SHA256 and expire automatically.
Role-Based Access Controls
Strict RBAC with organization isolation ensures each host's data is fully separated. Least-privilege principles limit every user role to only what they need. Signed pre-signed URLs are the only way to access files — no public document links, ever.
Complete Audit Trails
Every data mutation is logged to a structured audit trail with actor, action, resource, and timestamp. Sensitive actions like permission changes and data exports receive elevated tracking. Admin activity is monitored through a separate audit trail.
Guest Data Retention Controls
Hosts configure retention policies per property. Guest photos and PII are securely deleted when retention periods expire. Legal hold prevents premature deletion during active disputes. Full GDPR, CCPA, and LGPD compliance with data export and deletion workflows.
Secure Infrastructure
Secrets are managed through dedicated vault infrastructure — never in environment variables or code. Database backups are encrypted at rest with tested restoration procedures. Access codes are encrypted at rest and only decrypted at the point of use.