Security
Last updated: January 25, 2026
Our Commitment to Security
At Chartav.io, security is not an afterthought—it's built into everything we do. We understand that your employee data is sensitive, and we take our responsibility to protect it seriously.
Security Practices
Encryption
- In Transit: All data is encrypted using TLS 1.3
- At Rest: Data is encrypted using AES-256
- API Keys: Stored with an additional encryption layer
Authentication & Access
- Multi-factor authentication (MFA) support
- SSO integration (SAML 2.0, OAuth 2.0)
- Role-based access control (RBAC)
- Session timeout and automatic logout
- Audit logging of all access events
Infrastructure
- Hosted on enterprise-grade cloud infrastructure
- Geographic redundancy and failover
- DDoS protection and rate limiting
- Regular penetration testing
- Continuous vulnerability scanning
Application Security
- OWASP Top 10 protection
- Content Security Policy (CSP) headers
- CSRF and XSS protection
- Input validation and sanitization
- Secure dependency management
Compliance Status
| Certification | Status | Details |
|---|---|---|
| SOC 2 Type II | In Progress | Expected Q2 2026 |
| GDPR | Compliant | EU data processing ready |
| CCPA | Compliant | California privacy law compliant |
| HIPAA | Coming Soon | Healthcare data handling planned |
Data Processing
Data Centers
Your data is processed in secure, certified data centers:
- Primary: US-East (Virginia)
- Backup: US-West (Oregon)
- EU Option: EU-West (Frankfurt) - available on request
Data Retention
We retain your data only as long as your account is active. Upon account deletion, all data is permanently removed within 30 days.
Data Processing Agreement
Enterprise customers can request a Data Processing Agreement (DPA) for GDPR compliance. Contact security@buildorgchart.com.
Incident Response
We have a documented incident response plan that includes:
- 24/7 monitoring and alerting
- Incident classification and prioritization
- Communication protocols for affected customers
- Post-incident review and remediation
In the event of a security incident that affects your data, we will notify you within 72 hours as required by GDPR.
Responsible Disclosure
We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please email us at security@buildorgchart.com.
Please do not publicly disclose the issue until we have had a chance to address it. We commit to:
- Acknowledge your report within 24 hours
- Provide an initial assessment within 5 business days
- Work with you on a coordinated disclosure timeline
Contact Security Team
For security inquiries, please contact: security@buildorgchart.com