
Security at Sorveyor

We handle compliance data for critical industries. Security isn't a feature — it's a requirement. Here's where we stand and where we're headed.

Our Commitment

Sorveyor is built for industries where inspection records, audit trails, and compliance documentation carry legal and regulatory weight. We take that responsibility seriously. Security is embedded in how we design, build, and operate the platform — not bolted on after the fact.

How We Protect Your Data

  • Encryption in transit and at rest — All data is encrypted using TLS 1.3 in transit and AES-256 at rest. No exceptions.
  • Immutable audit trails — Every record in Vault is tamper-proof and versioned. Changes are tracked, never overwritten.
  • Role-based access control — Permissions are scoped per user, per team, and per project. Users only see what they're authorized to access.
  • Tenant isolation — Each organization's data is logically isolated. There is no cross-tenant data access.
  • Secure infrastructure — Sorveyor runs on hardened cloud infrastructure with automated patching, monitoring, and incident response procedures.
  • Regular security testing — We conduct regular vulnerability assessments and penetration testing to identify and address risks proactively.

Certification Roadmap

Sorveyor is currently in alpha. We do not yet hold formal security certifications — but we are actively working toward them ahead of our public launch. These are the certifications and standards we are targeting:

  • SOC 2 Type II — Independent audit of our security controls covering availability, confidentiality, and processing integrity. This is our top priority certification.
  • ISO 27001 — International standard for information security management systems. Demonstrates a systematic approach to managing sensitive data.
  • ISO 27701 — Extension to ISO 27001 covering privacy information management. Essential for handling personal data of inspectors and team members.
  • GDPR Compliance — Full compliance with the General Data Protection Regulation for our European customers, including data residency, right to erasure, and data processing agreements.
  • CSA STAR — Cloud Security Alliance assessment for cloud-specific security controls and transparency.

Responsible Disclosure

If you discover a security vulnerability in Sorveyor, we want to hear about it. Please report any findings to security@sorveyor.com. We take every report seriously and will respond within 48 hours.

Questions?

Security is an ongoing conversation. If you have questions about how we protect your data, need a security questionnaire completed, or want to discuss specific compliance requirements for your organization — reach out.
