SECURITY ARCHITECTURE

How We Protect
Your Data

A transparent, technical overview of the security architecture underpinning Reputation Scorecard. Built on enterprise-grade cloud infrastructure with defence-in-depth principles.

Start Free Assessment

Infrastructure Summary

EU Data Centre (Frankfurt, Germany)

Compute

Managed containers

Database

Encrypted NoSQL

Storage

Encrypted object store

Auth

OAuth 2.0 + PKCE

Secrets

Managed vault

Orchestration

Managed workflows

EU-hosted models

Region

Frankfurt (EU) only

CONTROLS

Defence in depth

Six independent security layers ensure no single point of failure can compromise member data.

Network Security

+All traffic served over HTTPS with TLS 1.3 minimum
+HTTP Strict Transport Security (HSTS) enforced
+Web Application Firewall with custom rule sets for common attack vectors
+DDoS mitigation with automatic traffic filtering
+No direct public access to compute or database layers

Encryption

+Data in transit: TLS 1.3
+Data at rest: AES-256 with managed key rotation
+Key rotation: automatic on 90-day schedule
+Database encryption at rest enabled on all tables
+Object storage encryption on all file buckets

Data Architecture

+EU-hosted database in Frankfurt with point-in-time recovery
+Object storage with versioning and lifecycle policies
+NoSQL architecture, eliminating SQL injection vectors
+Secrets stored in managed vault, never in code
+Environment variables contain no sensitive values

Access Control

+Authentication via OAuth 2.0 with PKCE
+All API routes require valid JWT verification
+IAM roles follow principle of least privilege
+No root account usage; all actions via role-based access
+MFA enforced for all infrastructure console access

Monitoring & Logging

+Centralised logging for all application events
+Full audit trail for all API and infrastructure activity
+Automated anomaly detection and threat monitoring
+Automated alerting on unusual access patterns
+Log retention: 90 days hot, 1 year cold storage

Application Security

+Input validation and sanitisation on all endpoints
+CSRF protection via SameSite cookie policy
+Content Security Policy headers on all responses
+Dependency scanning via automated CI pipeline
+Pre-commit hooks enforce no hardcoded secrets

Responsible Disclosure

If you have discovered a security vulnerability in Reputation Scorecard, we appreciate your help in disclosing it to us responsibly. Please email hello@reputationscorecard.ai with “Security Disclosure” in the subject line. We commit to acknowledging your report within 24 hours and providing a timeline for remediation.

Back to Trust Center

Security you can verify

Every control documented here is in production today. We believe transparency is the best security policy.

Start Free Assessment View GDPR Advantage

GDPR Compliant

SOC 2 Type II

Post-Quantum Cryptography

ISO 42001

SECURITY ARCHITECTURE

How We Protect
Your Data

A transparent, technical overview of the security architecture underpinning Reputation Scorecard. Built on enterprise-grade cloud infrastructure with defence-in-depth principles.

Start Free Assessment

Infrastructure Summary

EU Data Centre (Frankfurt, Germany)

Compute

Managed containers

Database

Encrypted NoSQL

Storage

Encrypted object store

Auth

OAuth 2.0 + PKCE

Secrets

Managed vault

Orchestration

Managed workflows

EU-hosted models

Region

Frankfurt (EU) only

CONTROLS

Defence in depth

Six independent security layers ensure no single point of failure can compromise member data.

Network Security

+All traffic served over HTTPS with TLS 1.3 minimum
+HTTP Strict Transport Security (HSTS) enforced
+Web Application Firewall with custom rule sets for common attack vectors
+DDoS mitigation with automatic traffic filtering
+No direct public access to compute or database layers

Encryption

+Data in transit: TLS 1.3
+Data at rest: AES-256 with managed key rotation
+Key rotation: automatic on 90-day schedule
+Database encryption at rest enabled on all tables
+Object storage encryption on all file buckets

Data Architecture

+EU-hosted database in Frankfurt with point-in-time recovery
+Object storage with versioning and lifecycle policies
+NoSQL architecture, eliminating SQL injection vectors
+Secrets stored in managed vault, never in code
+Environment variables contain no sensitive values

Access Control

+Authentication via OAuth 2.0 with PKCE
+All API routes require valid JWT verification
+IAM roles follow principle of least privilege
+No root account usage; all actions via role-based access
+MFA enforced for all infrastructure console access

Monitoring & Logging

+Centralised logging for all application events
+Full audit trail for all API and infrastructure activity
+Automated anomaly detection and threat monitoring
+Automated alerting on unusual access patterns
+Log retention: 90 days hot, 1 year cold storage

Application Security

+Input validation and sanitisation on all endpoints
+CSRF protection via SameSite cookie policy
+Content Security Policy headers on all responses
+Dependency scanning via automated CI pipeline
+Pre-commit hooks enforce no hardcoded secrets

Responsible Disclosure

Back to Trust Center

Security you can verify

Every control documented here is in production today. We believe transparency is the best security policy.

Start Free Assessment View GDPR Advantage

GDPR Compliant

SOC 2 Type II

Post-Quantum Cryptography

ISO 42001

How We ProtectYour Data

Infrastructure Summary

Defence in depth

Network Security

Encryption

Data Architecture

Access Control

Monitoring & Logging

Application Security

Responsible Disclosure

Security you can verify

How We ProtectYour Data

Infrastructure Summary

Defence in depth

Network Security

Encryption

Data Architecture

Access Control

Monitoring & Logging

Application Security

Responsible Disclosure

Security you can verify

How We Protect
Your Data

How We Protect
Your Data