Security & Trust
Your cap table is a corporate record.
We protect it like one.
Equity data is among the most sensitive information a company holds. Slyced is built with security at every layer — from encryption and authentication to infrastructure and monitoring.
Encryption
- AES-256-GCM encryption for sensitive data at rest
- TLS 1.3 encryption for all data in transit
- Per-value random salt key derivation (scrypt)
- Encryption key rotation support
Authentication
- Powered by Clerk (SOC 2 Type II certified)
- Multi-factor authentication support
- SSO / social login (Google, GitHub)
- Edge-level route protection (zero trust)
Access Controls
- Role-based access (admin, viewer, stakeholder)
- Company-level data isolation
- Stakeholder portals with scoped access
- Invitation-based team onboarding
Audit & Compliance
- Full audit trail on all equity operations
- IP address logging for sensitive actions
- Immutable transaction ledger
- Data export for regulatory compliance
Infrastructure
- Google Cloud Platform (Cloud Run + Cloud SQL)
- Automated backups with point-in-time recovery
- US-based data residency
- 99.9% uptime SLA
Monitoring
- Real-time error tracking (Sentry)
- Anomaly detection on auth events
- Rate limiting on all API endpoints
- CSRF protection on mutations
HTTP Security Headers
Content Security Policy
Strict CSP headers prevent XSS and injection attacks
HSTS Enforcement
HTTP Strict Transport Security with 2-year max-age
Security Headers
X-Frame-Options, X-Content-Type-Options, Referrer-Policy
Compliance Roadmap
We're building toward industry-standard certifications.
AES-256-GCM encryption at rest
TLS 1.3 encryption in transit
Audit logging with IP tracking
Role-based access controls
SOC 2 certified auth provider (Clerk)
SOC 2 Type II certificationPlanned
Penetration testing programPlanned
Responsible Disclosure
Found a security vulnerability? We appreciate your help keeping Slyced safe. Please report security issues to security@slyced.dev. We take all reports seriously and will respond within 48 hours.