New · SOFI private deployment is ready for enterprise rollout
[ AES-256 ][ RLS ][ AUDIT-FIRST ][ LGPD ]
endpoint · /trust

Security as the primary surface

SOFI is a governance product first, a query engine second. Every control listed here is enforced in the request path — not added later by a separate tool. Read the controls, then talk to us about the gaps.

[ 01 / 05 ] Pillars
// Pillars //

Four surfaces, one consistent line

Identity, data, infrastructure, compliance — each with explicit controls instead of marketing.

Identity

JWT (HS256, 15min access + 7d refresh, rotation, blacklist) + API keys (sgk_ prefix, scoped). Optional SSO via SAML / OIDC on Pro and Enterprise.

Data

AES-256-GCM encryption for datasource credentials with key rotation. PII masking runs in the query path. Zero-copy by default — your data never leaves your sources.

Infrastructure

PostgreSQL Row-Level Security on every tenant table. Docker no-new-privileges + read-only filesystem. Nginx WAF blocks scanners, .env / .git, and SQL injection patterns.

Compliance

LGPD-aligned controls today (DPIA, RoPA, DSR exports). SOC2 Type 2 and ISO 27001 on the 2026 roadmap. Custom security review available on Enterprise.

[ 02 / 05 ] Controls
// Controls //

The actual line items

Every control we ship today, grouped by surface. No 'available on roadmap' hidden inside.

Identity

  • Token rotation
    rotate-on-refresh + Redis blacklist on logout
  • Account lockout
    5 failed logins → 15-minute lockout
  • Rate limiting
    /register 5/h · /login 10/min
  • API keys
    sgk_ prefix · per-scope · revocable · audited
  • RBAC roles
    admin · data_steward · analyst · viewer
  • SSO
    SAML, OIDC (Okta, Azure AD, Google) on Pro+
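A sketch of how the token controls above fit together (HS256, 15-minute access and 7-day refresh lifetimes, rotate-on-refresh, blacklist on logout). This is an added example, not SOFI's code: the function names are hypothetical, the signing key is constructed for the demo, and an in-memory dict stands in for the Redis blacklist.

```python
import base64, hashlib, hmac, json, secrets

ACCESS_TTL, REFRESH_TTL = 15 * 60, 7 * 24 * 3600  # lifetimes stated on the page
SECRET = secrets.token_bytes(32)                  # constructed demo key (assumption)
blacklist = {}                                    # jti -> exp; stand-in for Redis keys with a TTL

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(sub, kind, now):
    ttl = ACCESS_TTL if kind == "access" else REFRESH_TTL
    claims = {"sub": sub, "typ": kind, "jti": secrets.token_hex(8), "iat": now, "exp": now + ttl}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify(token, kind, now):
    """Return the claims, or None if forged, wrong type, expired or blacklisted."""
    try:
        head, body, sig = token.split(".")
        # The MAC is always recomputed as HS256; the header's alg never selects the algorithm.
        if not hmac.compare_digest(sig, _sign(head + "." + body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    if claims.get("typ") != kind or now >= claims["exp"] or claims["jti"] in blacklist:
        return None
    return claims

def refresh(refresh_token, now):
    claims = verify(refresh_token, "refresh", now)
    if claims is None:
        return None
    blacklist[claims["jti"]] = claims["exp"]  # rotate-on-refresh: the old token is single-use
    return issue(claims["sub"], "access", now), issue(claims["sub"], "refresh", now)

def logout(access_token, refresh_token, now):
    for tok, kind in ((access_token, "access"), (refresh_token, "refresh")):
        claims = verify(tok, kind, now)
        if claims:
            blacklist[claims["jti"]] = claims["exp"]  # entry can expire when the token does
```

Storing each blacklist entry only until the token's own `exp` keeps the revocation set bounded by the 7-day refresh lifetime.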

Data

  • Source credentials
    AES-256-GCM encrypted at rest with rotation
  • PII masking
    Per-column · per-role · runs in query pipeline
  • Soft-delete
    deleted_at · audited · no hard DELETE
  • Audit retention
    30d (Starter) · 12mo (Pro) · custom (Enterprise)
  • Lineage
    Column-level · queryable · DSR-ready
  • Cache
    Opt-in per view · per-tenant · PII-aware

Infrastructure

  • Tenant isolation
    PostgreSQL RLS on every tenant_id table
  • Container hardening
    no-new-privileges + read-only fs
  • Reverse proxy WAF
    Nginx blocks .env/.git, SQLi patterns, scanners
  • TLS
    Let's Encrypt + auto-renewal · TLS 1.2+
  • CSP + Permissions-Policy
    Strict default · per-route overrides
  • Production hygiene
    /docs and /metrics restricted in prod

[ 03 / 05 ] Deployment
// Deployment //

Three places SOFI runs

Pick the perimeter. The product surface is identical across deployments.

Managed cloud

Multi-tenant SOFI cloud, RLS-isolated. Fastest to start. Available on Starter and Pro.

Private VPC

Single-tenant SOFI in your AWS / GCP / Azure account. Available on Enterprise.

On-prem / air-gapped

Terraform + helm install in your data center. No outbound calls. Enterprise only.

[ 04 / 05 ] Compliance roadmap
// Compliance //

What's shipped, what's coming

Every control we hold today and the dates we expect for the rest.

  • LGPD-aligned controls
    shipped · 2026-Q1
  • Audit log SDK + DPIA templates
    shipped · 2026-Q1
  • DSR export endpoint
    shipped · 2026-Q1
  • SOC2 Type 1 readiness
    in progress · 2026-Q3
  • SOC2 Type 2
    planned · 2026-Q4
  • ISO 27001
    planned · 2027-Q1

[ 05 / 05 ] FAQ
// Trust FAQ //

What CISOs and DPOs ask first

Plain answers. If your security team needs something not listed, ask — we usually answer in a day.

By default, nowhere on SOFI — virtualization is zero-copy. Cache (opt-in per view) lives in Redis next to the SOFI service in your chosen region. On Enterprise you pick the region; on Pro/Starter we run in São Paulo (sa-east-1).

// security review on demand

Send your security questionnaire — we answer in a week.

Enterprise plans include a custom security review and architect-led rollout. Most teams clear procurement in 14 days.