Trust & Security

Enterprise-Grade Security

Built for regulated industries. Multi-layer security from edge device to cloud platform.

Security Architecture

Edge Security

OPC UA certificate management (X.509)
None/Sign/SignAndEncrypt security modes
Network isolation and air-gapped deployments
Encrypted local storage (AES-256)
GPIO-based physical tamper detection
Secure boot and firmware validation

Transport Security

TLS 1.2+ for all cloud communication
MQTT over TLS with mutual authentication
WebSocket Secure (WSS) for real-time data
Certificate pinning for mobile apps
VPN support for on-premises deployments
No inbound ports required on edge devices

Cloud Security

OAuth 2.0 with Microsoft Entra ID
SCIM 2.0 automated user provisioning
RBAC with granular permissions
JWT with short-lived tokens (15min)
API key management with scoping
Session management with configurable timeouts

Data Security

Row-Level Security (RLS) for multi-tenancy
Per-tenant dedicated databases
Encryption at rest (AES-256)
Automated backups with 30-day retention
Data retention policies and purging
GDPR-compliant data export and deletion

Authentication & Access Control

SSO

Microsoft Entra ID, Google Workspace, custom OIDC

SCIM 2.0

Automated user provisioning and deprovisioning

RBAC

Custom roles with 40+ granular permissions

API Keys

Scoped keys with expiration and IP restrictions

Magic Link

Passwordless authentication via email

OTP

Time-based one-time passwords (TOTP)

Role-Based Access Control

Platform Admin

Tenant Admin

Fleet Manager

Analyst

Operator

Viewer

Technician

Custom Roles

Compliance & Audit

SOC 2 Type II

In Progress

Security, availability, and confidentiality controls

ISO 27001

Planned

Information security management system

GDPR

Designed For

Architecture supports data export, deletion, and consent management

NERC CIP

Designed For

Architecture supports critical infrastructure protection requirements

HIPAA

Designed For

Architecture supports healthcare data privacy and security controls

FDA 21 CFR Part 11

Designed For

Architecture supports electronic records and signature requirements

Audit Trail

Complete audit logging
Every API call logged with user, timestamp, IP address, and action
Data residency options
Choose deployment region for compliance requirements
Compliance reporting
Generate compliance reports for audits and certifications

Network Security

Edge Device Protection

Devices behind customer firewall (outbound-only connections)
No inbound ports required on edge devices
VPN support for on-premises deployments
Network segmentation recommendations

Cloud Infrastructure

DDoS protection on all cloud endpoints
Web Application Firewall (WAF)
Rate limiting and API throttling
Intrusion detection and prevention

Vulnerability Management

Continuous Scanning

Regular dependency scanning
Container image scanning
Static code analysis
Dynamic security testing

Testing & Validation

Annual penetration testing
Security code reviews
Third-party audits
Bug bounty program

Incident Response

24/7 security monitoring
Responsible disclosure program
Security advisory notifications
Incident response plan

Data Retention & Privacy

Data Type	Retention Period	Aggregation
Telemetry (edge)	30 days	1min → 15min → 1hr → 1day
Telemetry (cloud)	2 years	Continuous aggregation
Audit logs	7 years	No aggregation
User sessions	90 days	N/A
Work orders	Indefinite	N/A
Analytics dashboards	Indefinite	N/A

Security Questions?

Our security team is ready to answer your questions and provide detailed documentation.

Contact Security Team Request Security Whitepaper