Security

Security is not a feature. It's the foundation.

Sitemarks is built with security at every layer. From encryption to access controls, we protect your data with modern infrastructure and secure development practices.

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Internal service-to-service communication uses authenticated encryption.

[Diagram: Client → (TLS 1.3) → Load Balancer → (Authenticated) → Service → (AES-256) → Database]

Infrastructure

Sitemarks runs on an isolated microservices architecture with infrastructure defined as code. Automated health checks, rolling deployments, and rollback capabilities protect every release.

Access Control

Role-based access control lets you manage who can view, comment, and administer projects. SSO/SAML integration is available for enterprise customers.

Authentication

Integrate with your identity provider using SAML 2.0 or OpenID Connect. SCIM provisioning is available for automated user management, and multi-factor authentication is supported.

Audit Logging

Track actions across your organization with audit logs. Monitor who accessed what and when for compliance and security oversight.

Practices

Operational security

Our day-to-day practices ensure continuous protection across all services.

Backup & Recovery

Automated database backups with point-in-time recovery.

Monitoring

Continuous health monitoring and structured logging across all services.

Incident Response

Documented incident response procedures with severity levels and escalation paths.

Secure Development

TypeScript strict mode, input validation, and code review practices for all changes.

Compliance

Compliance roadmap

Tracking our progress toward industry-standard certifications and compliance frameworks.

AES-256 encryption at rest: Completed
TLS 1.3 in transit: Completed
Role-based access control: Completed
Comprehensive audit logging: Completed
SCIM provisioning: Completed
GDPR DPA template: Available on request

Responsible disclosure

Found a vulnerability? Report it to security@sitemarks.ai. We respond within 24 hours, acknowledge within 48 hours, and follow coordinated disclosure practices.

We do not pursue legal action against good-faith security researchers.

Have a security question?

Our team is available to answer questions and discuss your organization's specific requirements.