Platform Security

Encryption: TLS 1.2+ in transit; encryption at rest for databases and backups.
Access Control: role‑based permissions, least‑privilege, MFA/2FA support, and SSO (SAML/OIDC) on enterprise plans.
Auditability: structured audit logs for access and changes across modules.
Secure Development: code review, dependency scanning, and separation of environments.
Backups: regular encrypted backups with periodic restore testing.

Data Governance

Configurable data retention aligned to your compliance needs.
Customer ownership of data; export options and private GraphQL access on enterprise plans.
Data residency options available upon request.

Incident Response

We monitor for anomalies and operate a documented incident response plan, including triage, containment, remediation, and customer notification where required.

Vulnerability Disclosure

If you believe you’ve found a security issue, please contact info@theutilitycompany.co with details. We appreciate responsible disclosure and will work with you to remediate.

Compliance

We follow industry best practices and can support vendor questionnaires. Formal certifications will be noted here as they become available.