Security
Last updated: May 23, 2026
1. Overview
Compact takes the security of your data seriously. This page outlines the technical and organizational measures we have in place to protect the information you entrust to us.
2. Data encryption
All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption keys are managed through a dedicated key management service and rotated regularly.
3. Access controls
Access to production systems is restricted to authorized personnel only, enforced through role-based access control (RBAC) and multi-factor authentication (MFA). All access is logged and audited.
4. Infrastructure
Compact is hosted on SOC 2 Type II certified cloud infrastructure. Our environment is isolated with network-level segmentation, private subnets, and Web Application Firewall (WAF) protection.
5. Application security
We follow secure development practices, including code review, static analysis, and dependency scanning. Third-party dependencies are monitored for known vulnerabilities and updated regularly.
6. Monitoring & logging
Our systems are monitored 24/7 for anomalous activity. Security events are logged, centralized, and retained for a minimum of 90 days to support incident investigation.
7. Incident response
We maintain an incident response plan that includes detection, containment, and notification procedures. In the event of a breach affecting your data, we will notify affected users in accordance with applicable law.
8. Vulnerability disclosure
If you discover a security vulnerability in the Service, please report it responsibly to security@compact.legal. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly.
9. Updates
We review and update our security practices on a regular basis. Material changes to this page will be reflected in the “Last updated” date above.