Security and data handling

Least privilege, role-based access, audit logs, encrypted data and no visible secrets.

Last updated 4/1/2026

SOCPilot is designed to be deployable inside security-conscious organizations.

Access model

  • Roles enforced at the database (row-level security), not in client code
  • Roles never live on user objects — they live in a dedicated user_roles table
  • Owner / Admin / SOC Lead / Analyst / Viewer / Auditor

Data handling

  • TLS 1.3 in transit, AES-256 at rest, per-tenant key separation
  • Customer-controlled retention windows per data class
  • Hard-delete on schedule for purged records
  • Right-to-be-forgotten honored end-to-end

Secrets

  • Integration credentials are never displayed in plain text after creation
  • API keys are shown once at generation and stored as hash + prefix only
  • Webhook secrets are write-only after creation

Audit

  • Every approval, edit, export and integration change is recorded with actor, action, target and timestamp
  • The audit log is searchable, filterable and exportable
Related articles