Security at Vortex 360

Security is built in, not bolted on

We handle sensitive financial, HR, and operational data for businesses across the Middle East. Security isn't an afterthought — it's at the core of every decision we make.

  • SOC-2 Type II: Controls alignment
  • ISO 27001: In progress
  • GDPR: EU Data Regulation
  • PDPL: Saudi Data Regulation

Our security pillars

A layered security approach covering every aspect of the platform.

Encryption

  • All data encrypted at rest using AES-256
  • TLS 1.2+ enforced for all traffic in transit
  • Database backups encrypted before storage
  • Passwords hashed with bcrypt (cost factor 12)

Authentication & Access

  • JWT tokens with short expiry + refresh rotation
  • Role-Based Access Control (RBAC) with granular permissions
  • Multi-factor authentication (TOTP) supported
  • SSO via SAML 2.0 and OAuth 2.0

Infrastructure

  • Hosted on Microsoft Azure with 99.9% SLA
  • Multi-region failover and automated backups
  • Network-level DDoS protection
  • Private VNet with strict ingress/egress rules

Audit & Monitoring

  • Immutable audit trail — append-only, tamper-proof log
  • Real-time alerts for anomalous login activity
  • Executive Override Logging for high-privilege actions
  • 30-day log retention, 1-year archival

Application Security

  • OWASP Top 10 mitigations applied
  • Input validation and parameterised queries throughout
  • CSRF protection on all state-changing endpoints
  • Regular dependency scanning with Dependabot

Compliance & Testing

  • SOC-2 Type II-aligned controls
  • Annual third-party penetration tests
  • GDPR and PDPL (Saudi) compliant data handling
  • Vendor security reviews for all third-party integrations

Responsible Disclosure

Found a vulnerability? We appreciate responsible reporting.

If you discover a potential security issue in Vortex 360, please report it to us privately before any public disclosure. We commit to acknowledging your report within 24 hours, providing a resolution timeline within 5 business days, and not taking legal action against researchers who follow this policy.

Have security questions?

Our security team is happy to answer questions from prospective enterprise customers, auditors, or compliance teams.
