Security Overview
Placino's security-first architecture ensures sensitive data never leaves your infrastructure. Our zero-trust model, envelope encryption, policy-driven access controls, and cryptographic audit chain provide defense in depth against unauthorized access and tampering.
Encryption
Envelope encryption at rest and in transit. Key derivation from bearer tokens. AES-256-GCM encryption for data segments.
Privacy Controls
Query authorization policies. Differential privacy for statistical queries. Federated analytics without data movement.
Compliance
GDPR, HIPAA, SOC 2, ISO 27001, and CCPA mappings. Automated compliance reporting and audit evidence collection.
Audit Trail
Merkle-chain cryptographic audit log. Tamper detection through hash chain verification. Immutable event records.
Security Model
Zero-Trust Architecture
Every request is validated against authentication credentials and authorization policies. No implicit trust based on network location or previous authentication.
Envelope Encryption
Data is encrypted with data encryption keys (DEKs) derived from bearer tokens. Key envelope allows rotation without re-encrypting data segments.
OPA Policy Engine
Open Policy Agent policies define query authorization rules. Fine-grained access control based on user identity, query shape, and data sensitivity.
Merkle-Chain Audit
All operations are logged to a cryptographically linked audit chain. Hash chain verification detects unauthorized modifications to logs.
Certifications
Type II Certified
Information Security
BAA Available
Compliant DPA
For detailed security documentation, threat model, or to schedule a security review, contact our security team.
Contact Security Team