Security & Responsible Disclosure

Our commitment to security and how to report vulnerabilities

Security Overview

Security is fundamental to everything we do at Secuva. We protect your data with enterprise-grade security measures and maintain the highest standards for our compliance and AI platforms.

  • SOC 2 Type II Certified
  • ISO 27001 Aligned
  • HIPAA Compliant
  • Australian Data Residency

Security Architecture

Zero-Trust Network

All network traffic is encrypted and authenticated. No implicit trust is granted to any user or system, regardless of location.

End-to-End Encryption

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed using AWS KMS with regular rotation.

Multi-Factor Authentication

All user accounts require MFA. We support TOTP, SMS, and hardware security keys.

Regular Security Audits

Independent security assessments, penetration testing, and vulnerability scanning are conducted quarterly.

Data Protection

Australian Data Residency

All customer data is stored in AWS data centers located in Sydney and Melbourne. Data never leaves Australian borders without explicit consent.

Data Minimization

We collect and process only the data necessary to provide our services. Data retention policies ensure information is not kept longer than required.

Access Controls

Role-based access controls (RBAC) ensure users can only access data necessary for their role. All access is logged and monitored.

Responsible Disclosure Policy

We welcome security researchers and the broader community to help us maintain the security of our platform. If you discover a security vulnerability, please follow our responsible disclosure process.

Scope

  • secuva.com and subdomains
  • Secuva E8 and PixelIQ applications
  • Public-facing APIs and services
  • Mobile applications (when available)

Out of Scope

  • Social engineering attacks
  • Physical attacks on our facilities
  • Denial of service attacks
  • Issues in third-party services we don't control

Guidelines

  • Make good faith efforts to avoid privacy violations and service disruption
  • Do not access or modify other users' data
  • Report vulnerabilities as soon as possible after discovery
  • Allow us reasonable time to fix issues before public disclosure
  • Do not perform testing that could harm our users or services

Reporting Process

How to Report

Send detailed reports to our security team at:

security@secuva.com.au

For sensitive reports, encrypt your message with our PGP key, which is available upon request.

Include in Your Report

  • Description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Screenshots or proof-of-concept code if applicable
  • Your contact information for follow-up questions

Our Response

  • Acknowledgment within 24 hours
  • Initial assessment within 72 hours
  • Regular updates on our progress
  • Credit for responsible disclosure (if desired)

Security Monitoring

We continuously monitor our systems for security threats and maintain 24/7 security operations capabilities.

  • Real-time threat detection and response
  • Automated security scanning and vulnerability management
  • Incident response team available 24/7
  • Regular security awareness training for all staff
