Trust

Trust Center

Our security posture, compliance status, data handling practices, and the sub-processors we engage — all in one place. We believe transparency is foundational to the trust you place in Phalanxia.

Compliance

Compliance status.

We are actively building the compliance infrastructure required to serve regulated enterprise customers.

SOC 2 Type II

Our SOC 2 Type II audit is currently in progress. We are working with an accredited third-party auditor to evaluate controls across the Security, Availability, and Confidentiality trust service criteria. We do not claim SOC 2 certification at this time.

  • Audit period: in progress
  • Trust service criteria: Security, Availability, Confidentiality
  • Report availability: upon completion, under NDA to prospective customers
GDPR & Data Privacy

Phalanxia operates as a data processor for customer telemetry and as a data controller for account and billing data. We maintain a data processing agreement (DPA) available to all customers. Our privacy practices are described in our Privacy Policy.

  • Data processing agreement (DPA) available on request
  • Data subject rights supported (access, deletion, portability)
  • Sub-processor list maintained and disclosed below
Data protection

How we handle and protect your data.

Encryption in transit

All data in transit is encrypted using TLS 1.2 or higher. Connections using older protocol versions are rejected. HTTP requests are redirected to HTTPS.

Encryption at rest

Customer data stored on Phalanxia infrastructure is encrypted at rest using AES-256. Database and object storage volumes use provider-managed keys with customer-managed key options available on enterprise plans.

Access controls

Access to customer data is governed by role-based access control with least-privilege defaults. All internal access to production systems is logged, reviewed periodically, and requires multi-factor authentication.

Monitoring & logging

Production infrastructure is monitored continuously for anomalous activity. Security-relevant events are logged to an append-only audit trail retained for a minimum of 90 days.

Vulnerability management

We maintain a vulnerability disclosure policy, conduct periodic penetration testing, and apply security patches on a defined schedule based on severity rating.

Incident response

We maintain a written incident response plan. In the event of a security incident affecting customer data, we will notify affected customers within the timeframes required by applicable law and contract.

Data residency

Where your data lives.

Primary region

By default, customer data is processed and stored in the United States. We use cloud infrastructure located in US-based availability zones for primary storage and processing workloads.

  • Default region: United States
  • EU residency option: available on enterprise plans (contact sales)
  • Cross-region replication: used for disaster recovery only, within agreed-upon boundaries
  • Data deletion: customer data is deleted within 30 days of account termination
Sub-processors

Third-party sub-processors.

The following list identifies the third-party sub-processors Phalanxia currently engages to deliver its services. We maintain this list and will notify customers of material changes at least 30 days in advance.

Sub-processor register CURRENT
Sub-processor
Purpose
Data location
Namecheap
Web hosting and domain registration
United States
FormSubmit
Contact form submission processing
United States
PostHog
Product analytics (opted-in only; dormant until user consent)
United States

We will notify customers of material changes to our sub-processor list at least 30 days in advance. Customers with DPAs may object to new sub-processors per the terms of their agreement.

Availability

Uptime & service status.

Live status

Real-time service status, including any active incidents and maintenance windows, is published at our status page. Subscribe to receive notifications for platform events.

  • Status page updated in real time during incidents
  • Email and webhook subscription available
  • Historical uptime records accessible on the status page
SLA commitments

Service-level commitments are defined per plan tier in the customer order form and govern the deployed ARES platform environment.

  • Availability target: 99.9% monthly uptime
  • Planned maintenance windows: notified 72 hours in advance
  • Incident response SLA: P0 acknowledged within 15 minutes
Security contact

Questions or concerns?

For security vulnerability reports, review our disclosure policy. For general trust and compliance questions, reach our security team directly.

Machine-readable: /.well-known/security.txt