Trust & compliance
Enterprise-grade security controls
How GridVax protects customer data: encryption in transit and at rest, plan-gated API access, SAML SSO, and audit logging for Enterprise accounts.
Security program
Security program aligned with SOC 2 Type II control objectives. Enterprise SSO and audit logging available.
Platform controls
Encryption
TLS 1.2+ in transit. Encrypted database volumes at rest on managed infrastructure.
Access control
Plan-gated API endpoints. HttpOnly session cookies with idle timeout (1 hour default, 7 days with Remember me) and absolute session caps. API keys with per-tier export limits.
Enterprise SSO
SAML 2.0 for Enterprise accounts. Domain-verified provisioning.
Data provenance
Source, ingest timestamp, and change history on every facility record.
API metering
Per-key daily counters. Webhook delivery logs and usage reporting.
Data handling
Customer queries and alerts are not resold or used for model training.
Enterprise features
Enterprise accounts include SAML 2.0 single sign-on, domain-verified provisioning, outbound webhooks with delivery logs, and higher API rate limits. Contact sales for a security questionnaire or integration review.
Related
See also privacy & data handling and source attribution.