Skip to main content
DocIntell is built with security and compliance as core principles.

Compliance

SEC 17a-4

Immutable storage meets SEC requirements for electronic records

SOX Compliance

Audit trails and access controls for financial data

Data Security

Encryption

Immutable Storage

Documents are stored with Object Retention Lock (WORM mode):
  • Cannot be deleted during retention period
  • Cannot be modified after upload
  • Automatic deletion after retention expires
  • Full audit trail of all access

Tenant Isolation

Row-Level Security (RLS)

All data is isolated at the database level using PostgreSQL RLS:
Even if application logic has a bug, the database prevents cross-tenant access.

API Key Scoping

Each API key is tied to a specific tenant:
  • Keys can only access their tenant’s data
  • Cross-tenant requests return 404 Not Found (not 403 Forbidden)
  • This prevents information leakage about other tenants

Authentication

API Key Security

Best Practices

Store keys in environment variables or secret managers
Use separate keys per environment
Rotate keys regularly
Never commit keys to version control

Webhook Security

HMAC Signatures

All webhooks include HMAC-SHA256 signatures:
Always verify signatures before processing:

Infrastructure Security

Google Cloud Platform

DocIntell runs on GCP with:
  • VPC network isolation
  • Cloud Armor DDoS protection
  • Cloud IAM access controls
  • Cloud Audit Logs
  • Automatic security patching

Container Security

  • Non-root container execution
  • Vulnerability scanning in CI/CD
  • Minimal base images
  • No secrets in environment variables

Vulnerability Reporting

Found a security issue? Please report it responsibly:
  • Email: security@docintell.com
  • We respond within 24 hours
  • We do not pursue legal action for good-faith reports

Certifications

DocIntell is pursuing SOC 2 Type II certification. Contact us for our current security documentation.