Security Overview

Simplilux runs on Canadian cloud infrastructure with defense in depth. Highlights: SOC 2 Type II audited, AES-256 at rest, TLS 1.3 in transit, hardware-backed key management, mandatory MFA for all employees, separation of duties for production access, quarterly penetration tests, 24/7 monitoring, and a public vulnerability disclosure program (security@simplilux.ca, PGP key on file). Customer-facing controls include SSO/SAML, granular role-based access, audit log export, and per-tenant data residency.