Security & Trust

Your cap table is a corporate record. We protect it like one.

Equity data is among the most sensitive information a company holds. Slyced is built around verifiable controls: encryption, scoped access, auditable operations, and migration reports founders can share during diligence.

Security controls

Encryption

  • AES-256-GCM encryption for sensitive data at rest
  • TLS 1.3 encryption for all data in transit
  • Per-value random salt key derivation (scrypt)
  • Encryption key rotation support

Authentication

  • Powered by Clerk (SOC 2 Type II certified)
  • Multi-factor authentication support
  • SSO / social login (Google, GitHub)
  • Edge-level route protection (zero trust)

Access Controls

  • Role-based access (admin, editor, viewer, legal, auditor, stakeholder)
  • Application-level company scoping on product queries
  • PostgreSQL row-level security policy rollout
  • Stakeholder portals with scoped access

Audit & Compliance

  • Audit trail on equity mutations and sensitive operations
  • Read-access logging for migration reports and external API reads
  • IP address logging for sensitive actions
  • Append-only audit, transaction, access, and migration-report ledgers

Infrastructure

  • Google Cloud Platform (Cloud Run + Cloud SQL)
  • Backup and restore-drill evidence captured in operations records
  • US-based data residency

Monitoring

  • Real-time error tracking (Sentry)
  • Durable operation tracking for cron, webhook, and worker jobs
  • Rate limiting on tRPC, public forms, webhooks, mobile, and external APIs
  • Trusted-origin checks on browser tRPC procedures

HTTP Security Headers

Content Security Policy

Strict CSP headers prevent XSS and injection attacks

HSTS Enforcement

HTTP Strict Transport Security with 2-year max-age

Security Headers

X-Frame-Options, X-Content-Type-Options, Referrer-Policy

Compliance Roadmap

We're building toward industry-standard certifications.

AES-256-GCM encryption at rest
TLS 1.3 encryption in transit
Audit logging with IP tracking
Append-only ledger protections
Trusted-origin checks for browser tRPC procedures
Role-based access controls
SOC 2 certified auth provider (Clerk)
Migration reports for CSV/Carta imports
Full runtime DB role cutover for PostgreSQL RLSPlanned
SOC 2 Type II certificationPlanned
Penetration testing programPlanned
99.9% uptime SLAPlanned

Responsible Disclosure

Found a security vulnerability? We appreciate your help keeping Slyced safe. Please report security issues to security@slyced.dev. We take all reports seriously and will respond within 48 hours.

Questions about security?

Our team is happy to discuss our security practices in detail.

Contact Us