Security at Offerframe
Your data security is our top priority.
Offerframe handles sensitive business data — pricing, customer information, contracts. We built our platform with security at every layer: encrypted data in transit and at rest, strict tenant isolation, comprehensive audit logging, and continuous monitoring. Here's how we protect your data.
Infrastructure
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption at rest (Supabase / AWS)
- Encrypted, automated database backups
- Hosted on AWS with SOC 2-compliant infrastructure
Authentication
- Strong password policy (12+ characters, complexity requirements)
- Multi-factor authentication (TOTP)
- SSO / SAML 2.0 (Enterprise)
- Secure session management with automatic expiration
Authorization
- Row-level security (RLS) on every database table
- Complete tenant isolation — no cross-tenant data access
- Role-based access control (Admin, Manager, Sales Rep)
- API route-level authorization checks
Data Protection
- Rate limiting on all API endpoints
- Comprehensive audit logging for all actions
- Document hashing (SHA-256) for e-signatures
- Encrypted storage of third-party integration tokens
Monitoring
- Real-time error tracking and alerting (Sentry)
- Uptime monitoring
- Automated security advisory scanning
- Anomaly detection on authentication attempts
Compliance
- GDPR-ready: data export and account deletion on request
- Vulnerability disclosure program (security.txt)
- Responsible disclosure policy
- SOC 2 Type II audit (planned)
SOC 2 Type II
We are actively working toward SOC 2 Type II certification. Our infrastructure already runs on SOC 2-compliant AWS services, and we maintain internal controls aligned with the Trust Services Criteria. We expect to complete our audit in 2026.
Report a Vulnerability
Found a security issue? We take every report seriously. Please reach out and we'll respond within 24 hours.
security@offerframe.io