SECURITY

Last Updated: August 1, 2025 | Version 1.0

OVERVIEW

Sovant AI is currently in beta. While we implement robust security measures, we are actively working toward formal certifications. This page transparently outlines our current security practices and roadmap.

Beta Status: Sovant is not yet SOC2 or ISO 27001 certified. We leverage certified infrastructure providers and follow security best practices.

INFRASTRUCTURE SECURITY

Data Residency

All data is stored in Singapore (ap-southeast-1) for PDPA compliance and low latency for Southeast Asian customers.

Provider Infrastructure

  • Supabase: PostgreSQL database with automated backups
  • Vercel: Edge network with DDoS protection
  • Cloudflare: WAF and bot protection

APPLICATION SECURITY

Authentication

Magic links, HttpOnly cookies, 15-minute OTP expiry

API Security

Key rotation, rate limiting, request validation

Encryption

TLS 1.3 in transit, AES-256 at rest

Access Control

Row-level security, tenant isolation

COMPLIANCE

PDPA (Malaysia)

We comply with Malaysia's Personal Data Protection Act 2010:

  • Explicit consent for data processing
  • Data minimization and purpose limitation
  • Right to access and correct personal data
  • Data retention and deletion policies

Data Protection

  • PII encryption and pseudonymization
  • Regular security audits
  • Incident response procedures
  • Employee data handling training

PROVIDER CERTIFICATIONS

While Sovant works toward its own certifications, our infrastructure providers maintain:

Provider        Certifications
Supabase/AWS    SOC2, ISO 27001, PCI DSS
Vercel          SOC2 Type II
Cloudflare      SOC2, ISO 27001

SECURITY PRACTICES

Development

  • Code reviews for all changes
  • Dependency scanning
  • Environment variable management
  • Secure coding guidelines

Operations

  • 24/7 monitoring and alerts
  • Automated backups
  • Incident response plan
  • Regular security updates

VULNERABILITY DISCLOSURE

We welcome security researchers to responsibly disclose vulnerabilities.

Include:

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested remediation

Response time: Within 48 hours

CONTACT SECURITY TEAM

For security inquiries, vulnerability reports, or compliance questions:

support@sovant.ai

© 2025 Sovant AI. All rights reserved.