SP
SurfacePoint

Security Overview

Version 2026-07-05.1 | Last updated July 5, 2026

This overview describes the standard hosted SurfacePoint SaaS environment. It is not a statement of export-controlled hosting, defense-grade compliance, regulated-data approval, ITAR/EAR certification, or approval for restricted technical data.

Azure PostgreSQL (EU) Blob Storage One DB per company Encryption in transit and at rest

1. Infrastructure and Data Residency

SurfacePoint production data is primarily stored in Microsoft Azure EU regions. Tenant data is segmented using one PostgreSQL database per company and separate storage paths for media files in Azure Blob Storage.

2. Access Control

3. Encryption and Network Security

4. Logging, Monitoring, and Alerting

We capture operational and security logs to support monitoring, incident analysis, and forensic review. Access to logs is restricted and governed by role and need-to-know.

5. Backup and Recovery

6. Incident Response

SurfacePoint maintains an internal incident response process with severity classification, escalation paths, containment and recovery procedures, and customer communication workflows for material incidents.

7. Shared Responsibility

Cloud providers secure underlying infrastructure. SurfacePoint secures application-layer controls, account management, and tenant isolation. Customers are responsible for their own endpoint security and user account administration.

8. Contact

Security inquiries can be sent to support@surfacepoint.ai.