Security

Security is our foundation

We built AffirmID with security at its core—not as an afterthought. Here's how we protect your data and your users.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your authentication data is protected at every step.

Secure Infrastructure

Hosted on SOC 2 Type II certified cloud infrastructure with redundant systems across multiple availability zones.

Zero-Knowledge Architecture

Biometric data never leaves your device. We verify authentication without ever accessing your fingerprint or face data.

Audit Logging

Comprehensive audit logs track all authentication events and administrative actions for security review and compliance.

Threat Detection

Real-time monitoring for suspicious activity, brute force attempts, and anomalous access patterns.

Access Controls

Role-based access control (RBAC) and principle of least privilege applied throughout our systems.

Compliance & Certifications

We maintain rigorous compliance with industry standards and regulations.

SOC 2 Type II

Certified

Annual third-party audit of security controls

ISO 27001

In Progress

Information security management system

GDPR

Compliant

European data protection regulation

CCPA

Compliant

California Consumer Privacy Act

FIDO2/WebAuthn

Certified

Passwordless authentication standard

Security Practices

Our security program encompasses development, operations, and data handling.

Secure Development

  • Security-focused code reviews for all changes
  • Static and dynamic application security testing
  • Dependency vulnerability scanning
  • Regular penetration testing by third parties

Operational Security

  • 24/7 security monitoring and alerting
  • Incident response plan with defined SLAs
  • Regular disaster recovery testing
  • Employee security training and background checks

Data Protection

  • Data classification and handling policies
  • Automatic data retention enforcement
  • Secure data deletion procedures
  • Regular backup verification

Security Bug Bounty

Found a security vulnerability? We reward responsible disclosure. Our bug bounty program pays up to $10,000 for critical vulnerabilities.

Report a Vulnerability

Security Resources

Security Whitepaper

Technical deep-dive into our security architecture and controls.

Privacy Policy

How we collect, use, and protect your personal information.

GDPR Compliance

Our commitment to European data protection standards.

Terms of Service

Terms and conditions for using AffirmID services.

Have security questions?

Our security team is here to help. Contact us for security assessments, compliance documentation, or to report concerns.

Contact Security Team