Security at Slivs.tech
Security is foundational to every Slivs.tech service. This page describes our practices, certifications, and how to report a vulnerability.
Encryption
All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256. Encryption keys are managed with hardware security modules (HSMs).
SOC 2 Type II
Slivs.tech undergoes annual SOC 2 Type II audits conducted by independent third-party auditors. Reports are available under NDA for Enterprise customers.
GDPR compliance
We maintain GDPR compliance for EU customers including Data Processing Agreements, data residency options in EU regions, and right-to-erasure support.
Access controls
Production infrastructure access is restricted to authorised engineers via multi-factor authentication and SSH certificates. All access is logged and reviewed quarterly.
Certifications & compliance
| Standard | Status | Year |
|---|---|---|
| SOC 2 Type II | Certified | 2025 |
| GDPR (EU) | Compliant | Ongoing |
| ISO 27001 | In progress | 2026 target |
| PCI DSS | Not applicable | — |
Report a vulnerability
If you discover a security vulnerability in any Slivs.tech service, please disclose it responsibly by emailing support@slivs.tech. We will acknowledge your report within 24 hours and aim to resolve confirmed vulnerabilities within 90 days.
Please include: a description of the vulnerability, steps to reproduce, potential impact, and any proof-of-concept. We do not pursue legal action against researchers acting in good faith.