We protect your data with the same rigor we bring to analyzing external attack surfaces.
Last updated: March 21, 2026
Our infrastructure operates on a Zero Trust model. No implicit trust is granted to any user, device, or network segment.
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Customer data is encrypted using dedicated keys managed by hardware security modules.
Multi-factor authentication is available for all accounts and mandatory for Analyst and Command tiers. We support TOTP and WebAuthn/FIDO2.
Hosted on Microsoft Azure with SOC 2 Type II certified data centers. Primary region: South Central US. Disaster recovery: North Central US.
We never store your credentials. We never access your internal systems. We only analyze publicly visible, externally observable data. Customer scan data is logically isolated with row-level database security.
24/7 automated monitoring with immutable audit logging. All access to customer data is logged and auditable.
We maintain a continuous vulnerability management program with automated dependency scanning and container image analysis.
We maintain a documented incident response plan aligned with NIST CSF. In the unlikely event of a security incident affecting customer data, we will notify affected customers within 72 hours.
For security inquiries, responsible disclosure, or to request our security documentation, contact security@aegisnode.io.