Security

Enterprise-grade security built-in.

SOC 2 Type II certified, GDPR compliant, and HIPAA ready. Your data is protected with industry-leading security practices.

Compliance & Certifications
Verified
SOC 2 Type II: Certified
ISO 27001: Certified
GDPR: Compliant
HIPAA: Ready
PCI DSS: Level 1
CCPA: Compliant

Data Protection

Your data, protected

End-to-End Encryption

All data encrypted in transit with TLS 1.3 and at rest with AES-256. Customer-managed encryption keys available for Enterprise.

TLS 1.3, AES-256, HSTS, PFS, HSM Keys

Access Control

Role-based permissions, MFA enforced, and SSO via SAML 2.0 and OpenID Connect.

MFA required

Data Residency

Choose where your data lives. US, EU, and APAC regions available.

3 global regions

Secure Infrastructure

Multi-region deployment on AWS and Google Cloud with VPC isolation, DDoS protection, and intrusion detection.

US-East: Active
EU-West: Active
APAC: Active

Operations

Always watching

24/7 Monitoring

Real-time SIEM with automated threat detection and alerting

Incident Response

Documented procedures with 24/7 on-call security team

Automated Backups

Continuous replication with 30-day retention and geo-redundancy

Vulnerability Management

Weekly scans, quarterly pentests, and active bug bounty program

Service Level Commitments

Uptime SLA: 99.99%
Recovery Point (RPO): 1 hour
Recovery Time (RTO): 4 hours
Breach Notification: 72 hours
Vulnerability Response: 24 hours

FAQ

Security questions

Can I get a copy of your SOC 2 report?

Yes. Enterprise customers can request a copy of our SOC 2 Type II report under NDA. Contact sales@canarymsg.dev to request access.

Do you offer HIPAA compliance?

Yes. We offer HIPAA-compliant messaging solutions with Business Associate Agreements (BAA) for healthcare customers. Contact sales for HIPAA-compliant configurations.

Where is my data stored?

You can choose your data residency region: United States (US-East, US-West), European Union (Frankfurt, Dublin), or Asia-Pacific (Singapore, Sydney).

How do I report a security vulnerability?

We have a responsible disclosure program. Please report security issues to security@canarymsg.dev. We'll acknowledge within 24 hours and won't pursue legal action for good-faith research.

Do you support SSO?

Yes. We support Single Sign-On via SAML 2.0 and OpenID Connect. MFA is enforced for all accounts, and we integrate with identity providers like Okta, Azure AD, and Google Workspace.

Questions about security?

Our security team is here to help with compliance documentation and questions.