Legal
Security Overview
Version 1.0 · Effective 2026-04-24
1. Overview
Security is foundational to ExploroMedia. We implement industry-standard technical and organizational measures to protect Customer Data.
2. Infrastructure
Hosted on enterprise-grade cloud providers with SOC 2 Type II and ISO 27001 certifications.
3. Encryption
- TLS 1.2+ in transit
- AES-256 at rest
- Encrypted secrets management
4. Access Controls
- Role-based access (RBAC)
- Principle of least privilege
- 2FA for administrative access
- Audit logging of privileged actions
5. Data Isolation
- Multi-tenant architecture with strict tenant isolation
- Row-level security enforced at database layer
6. Authentication
- Google SSO for approved users
- Firebase Authentication with bcrypt password hashing
- Minimum 8-character passwords
7. Monitoring and Incident Response
- Continuous uptime and error monitoring
- Incident response procedures
- 72-hour breach notification SLA
8. Backup and Disaster Recovery
- Daily automated backups via our infrastructure providers
- Database snapshots retained per our hosting plan
- Disaster recovery procedures tested periodically
9. Vulnerability Management
- Dependency scanning
- Regular security patches
- Responsible disclosure: security@exploromedia.com
10. Compliance Roadmap
- Current: GDPR compliant, CCPA compliant
- Planned: SOC 2 Type II (target 2026 Q4)
- Planned: ISO 27001 (target 2027)
11. Customer Responsibilities
- Maintain secure credentials
- Proper user access management
- Prompt reporting of suspected security issues