Security & Compliance
Built with enterprise-grade security from day one
Security by design
Every aspect of AS2aaS is built with security as the foundation, not an afterthought.
- End-to-end encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. AS2 messages support additional encryption using industry-standard algorithms.
- Digital signatures
Support for X.509 certificate-based digital signatures to ensure message authenticity and non-repudiation in accordance with AS2 standards.
- Access control
API key-based authentication with granular permissions, IP allowlisting, and rate limiting to protect against unauthorized access.
- Infrastructure security
Hosted on secure cloud infrastructure with DDoS protection, intrusion detection, and 24/7 monitoring by our security team.
- Audit logging
Comprehensive audit trails for all API access, message processing, and administrative actions for compliance and forensic analysis.
- Data retention
Configurable data retention policies with automatic deletion of expired data. Message payloads are retained only as long as necessary for delivery and compliance.
Compliance & certifications
We maintain industry-standard compliance certifications and follow best practices
SOC 2 Type II
Audited controls for security, availability, and confidentiality
GDPR Compliant
Full compliance with European data protection regulations
AS2 RFC 4130
Full compliance with AS2 protocol specifications and standards
Security practices
Vulnerability management
Regular security assessments, penetration testing, and vulnerability scanning. We maintain a responsible disclosure program for security researchers.
Employee access
Strict access controls with multi-factor authentication, role-based permissions, and regular access reviews. All employees undergo security training.
Incident response
24/7 security monitoring with automated threat detection and a dedicated incident response team. We maintain detailed incident response procedures and communication protocols.
Business continuity
Multi-region deployment with automated failover, regular backups, and disaster recovery procedures to ensure service continuity.
Security questions?
Our security team is here to help with compliance questions and security assessments.