Security Documentation
SecurePie is built with security at its core. Learn about our security architecture, compliance certifications, and best practices.
Security-First Architecture
SecurePie was designed from the ground up with security as the primary concern. We follow industry best practices, undergo regular third-party audits, and maintain multiple compliance certifications to ensure your authentication infrastructure is protected.
Security Features
End-to-End Encryption
All data is encrypted in transit with TLS 1.3 and at rest with AES-256.
- TLS 1.3 for all connections
- AES-256 encryption at rest
- Perfect forward secrecy
- Certificate pinning on mobile SDKs
Key Management
Secure key management with automatic rotation and hardware security modules.
- AWS KMS for key management
- Automatic key rotation
- HSM-backed key storage
- Separate keys per customer
Audit Logging
Comprehensive audit logs for all authentication events and administrative actions.
- Immutable audit trail
- 90-day retention (configurable)
- Real-time log streaming
- SIEM integration support
Infrastructure Security
Multi-region, redundant infrastructure with strict access controls.
- SOC 2 Type II certified data centers
- Multi-AZ deployment
- Network segmentation
- DDoS protection
Certifications & Compliance
SecurePie maintains industry-leading compliance certifications to meet your regulatory requirements.
SOC 2 Type II
Annual audit of security, availability, and confidentiality controls.
GDPR Compliant
Full compliance with EU data protection regulations.
HIPAA Ready
BAA available for healthcare customers.
ISO 27001
Information security management certification.
Security Best Practices
Enable Multi-Factor Authentication
Require MFA for all admin accounts and encourage it for end users.
Use Strong Session Policies
Configure appropriate session timeouts and idle timeouts based on your security requirements.
Implement IP Restrictions
Restrict admin access to known IP ranges and consider geo-blocking for sensitive operations.
Review Audit Logs Regularly
Set up automated alerts for suspicious activity and review logs weekly.
Keep IdP Certificates Updated
Monitor certificate expiration dates and rotate certificates before they expire.
Test Disaster Recovery
Regularly test your backup IdP configurations and failover procedures.
Report a Security Issue
Found a security vulnerability? We take security issues seriously. Please report any security concerns to our security team.