Security & Trust
Your cap table is a corporate record. We protect it like one.
Equity data is among the most sensitive information a company holds. Slyced is built around verifiable controls: encryption, scoped access, auditable operations, and migration reports founders can share during diligence.
Security controls
Encryption
- AES-256-GCM encryption for sensitive data at rest
- TLS 1.3 encryption for all data in transit
- Per-value random salt key derivation (scrypt)
- Encryption key rotation support
Authentication
- Powered by Clerk (SOC 2 Type II certified)
- Multi-factor authentication support
- SSO / social login (Google, GitHub)
- Edge-level route protection (zero trust)
Access Controls
- Role-based access (admin, editor, viewer, legal, auditor, stakeholder)
- Application-level company scoping on product queries
- PostgreSQL row-level security policy rollout
- Stakeholder portals with scoped access
Audit & Compliance
- Audit trail on equity mutations and sensitive operations
- Read-access logging for migration reports and external API reads
- IP address logging for sensitive actions
- Append-only audit, transaction, access, and migration-report ledgers
Infrastructure
- Google Cloud Platform (Cloud Run + Cloud SQL)
- Backup and restore-drill evidence captured in operations records
- US-based data residency
Monitoring
- Real-time error tracking (Sentry)
- Durable operation tracking for cron, webhook, and worker jobs
- Rate limiting on tRPC, public forms, webhooks, mobile, and external APIs
- Trusted-origin checks on browser tRPC procedures
HTTP Security Headers
Content Security Policy
Strict CSP headers prevent XSS and injection attacks
HSTS Enforcement
HTTP Strict Transport Security with 2-year max-age
Security Headers
X-Frame-Options, X-Content-Type-Options, Referrer-Policy
Compliance Roadmap
We're building toward industry-standard certifications.
AES-256-GCM encryption at rest
TLS 1.3 encryption in transit
Audit logging with IP tracking
Append-only ledger protections
Trusted-origin checks for browser tRPC procedures
Role-based access controls
SOC 2 certified auth provider (Clerk)
Migration reports for CSV/Carta imports
Full runtime DB role cutover for PostgreSQL RLSPlanned
SOC 2 Type II certificationPlanned
Penetration testing programPlanned
99.9% uptime SLAPlanned
Responsible Disclosure
Found a security vulnerability? We appreciate your help keeping Slyced safe. Please report security issues to security@slyced.dev. We take all reports seriously and will respond within 48 hours.