Trust & Security
Security at Assetify
Your IT asset data is sensitive. Here's how we protect it.
SOC 2 Type II
In progress
ISO 27001
In progress
GDPR
Compliant
Infrastructure
Assetify runs on Supabase (PostgreSQL) infrastructure hosted in the EU (Frankfurt, Germany). All data is encrypted at rest using AES-256 and in transit using TLS 1.2+.
Access controls
We enforce:
- Row-level security (RLS) — every query is organisation-scoped
- Role-based access: admin, member, and viewer roles per organisation
- Multi-factor authentication for admin accounts
- Principle of least privilege for internal systems access
Audit logging
Every create, update, and delete action in Assetify is written to an immutable audit log with the actor, timestamp, and before/after values. Audit logs are available on the Enterprise plan.
Data isolation
All data is logically isolated by organisation. It is not possible to access another organisation's data through the Assetify API or UI. We regularly test this with automated penetration tests.
Backups
Data is backed up continuously with point-in-time recovery up to 7 days. Backups are stored in a separate geographic region.
Responsible disclosure
If you discover a security vulnerability, please email security@getassetify.com. We respond to all valid reports within 2 business days and aim to patch critical issues within 48 hours.
Questions
For security questions or to request our security documentation, contact security@getassetify.com.