Security Overview
1. Infrastructure and Data Residency
SurfacePoint production data is primarily stored in Microsoft Azure EU regions. Tenant data is segmented using one PostgreSQL database per company and separate storage paths for media files in Azure Blob Storage.
2. Access Control
- Role-based access controls for application users and administrators.
- Least-privilege permissions for service principals and operational staff.
- Authentication controls and support for additional security checks.
3. Encryption and Network Security
- TLS for data in transit between clients and service endpoints.
- Platform-level encryption at rest for database and object storage.
- Restricted administrative access paths and credential management controls.
4. Logging, Monitoring, and Alerting
We capture operational and security logs to support monitoring, incident analysis, and forensic review. Access to logs is restricted and governed by role and need-to-know.
5. Backup and Recovery
- Point-in-time recovery capability for tenant databases.
- Backup verification and restore testing procedures.
- Blob storage protection controls such as versioning/soft-delete where configured.
6. Incident Response
SurfacePoint maintains an internal incident response process with severity classification, escalation paths, containment and recovery procedures, and customer communication workflows for material incidents.
7. Shared Responsibility
Cloud providers secure underlying infrastructure. SurfacePoint secures application-layer controls, account management, and tenant isolation. Customers are responsible for their own endpoint security and user account administration.
8. Contact
Security inquiries can be sent to support@surfacepoint.ai.