Security & Compliance

Enterprise-grade security designed for schools, healthcare facilities, and regulated organizations

Safe for Your Network

Securifyi operates entirely through your web browser over secure HTTPS: no software installation, no executables, and no inbound network exposure. We use bank-level encryption (TLS 1.3, AES-256), OAuth 2.0 authentication, and maintain FERPA, HIPAA, and SOC 2 compliance. Your data is protected with the same security standards trusted by financial institutions worldwide.

  • 256-bit AES Encryption
  • SOC 2 Type II Certified
  • FERPA Compliant
  • RBAC: Role-Based Access

Data Encryption

All data is encrypted both in transit and at rest using industry-standard protocols.

In-Transit Encryption

  • TLS 1.3 for all connections
  • HTTPS enforced across the platform
  • Perfect forward secrecy enabled
  • Certificate pinning for API calls

At-Rest Encryption

  • AES-256 encryption for databases
  • Encrypted file storage (S3)
  • Encrypted backups and snapshots
  • Key rotation every 90 days

Authentication & Access Control

Multi-layered security with role-based access control and audit logging.

Authentication Methods

  • OAuth 2.0 with Manus authentication
  • Session-based authentication with secure cookies
  • JWT tokens with expiration and refresh
  • Automatic session timeout after inactivity

Role-Based Access Control (RBAC)

  • Seven distinct roles: Owner, IT, Facilities, Security, Legal, Finance, Viewer
  • Granular permissions per module and section
  • Team member invitation and approval workflow
  • Activity logging for all access and changes

Compliance Frameworks

Built to meet regulatory requirements for education, healthcare, and enterprise.

FERPA

Family Educational Rights and Privacy Act compliance for K-12 and higher education institutions.

HIPAA

Health Insurance Portability and Accountability Act compliance for healthcare facilities.

SOC 2 Type II

Annual third-party audits for security, availability, and confidentiality controls.

Data Privacy & Residency

Your data stays where you need it, with full transparency and control.

Data Storage

  • Primary data centers: US-East (Virginia), US-West (Oregon)
  • Automatic encrypted backups to separate regions
  • No data shared with third parties
  • Data residency options available for enterprise

Data Rights

  • Export all your data at any time (JSON, CSV, PDF)
  • Delete your account and all associated data
  • Data retention policies customizable per organization
  • GDPR, CCPA, and COPPA compliant

Network Security

Enterprise-grade infrastructure with DDoS protection and monitoring.

Infrastructure

  • Cloud-hosted on AWS/GCP infrastructure
  • DDoS protection and rate limiting
  • Web Application Firewall (WAF)
  • 99.9% uptime SLA

Monitoring

  • 24/7 security monitoring and alerts
  • Intrusion detection systems (IDS)
  • Regular penetration testing
  • Vulnerability scanning and patching

Audit & Logging

Complete visibility into all system activities for compliance and forensics.

What We Log

  • User authentication and authorization events
  • Data access, modification, and deletion
  • Team member invitations and role changes
  • Document uploads and exports
  • Assessment completions and deliverable generation

Log Retention

  • Audit logs retained for 1 year minimum
  • Tamper-proof log storage
  • Exportable for compliance audits
  • Real-time alerts for suspicious activity

IT Procurement Checklist

Common questions from IT departments and security teams.

Does this require firewall exceptions?

No. Securifyi is a web-based SaaS platform accessed via standard HTTPS (port 443). No firewall changes or VPN configurations are required.

Can we use SSO/SAML authentication?

Authentication currently uses OAuth 2.0. Enterprise SSO/SAML integration is available upon request for organizations with 50+ users.

Where is our data stored?

Data is stored in AWS/GCP data centers in the United States (US-East and US-West regions). Enterprise customers can request specific regional data residency.

Do you have a Business Associate Agreement (BAA)?

Yes. Healthcare organizations can request a HIPAA Business Associate Agreement as part of the enterprise plan.

Can we export or delete our data?

Yes. You can export all your data (assessments, documents, deliverables) at any time in multiple formats. Account deletion permanently removes all data within 30 days.

What happens if we cancel our subscription?

You retain read-only access to your data for 90 days after cancellation. During this period, you can export all assessments and deliverables before final deletion.

Need More Information?

Our security team is happy to answer additional questions or provide documentation for your IT procurement process.