Built to be audited.
SabNode runs sensitive payroll, customer data, financial records — and treats that responsibility seriously. Here's exactly what we do.
Certifications
Audited, signed, available on request.
SOC 2 Type II
Annual audit by independent firm. Report on request under NDA.
ISO 27001
Information security management — certified.
DPDP (India)
Data Protection & Digital Privacy compliance toolkit, built-in.
GDPR (EU)
DSR workflows, data residency in EU, DPA available.
HIPAA-ready
BAA available for Scale+ plans serving US healthcare.
PCI DSS
Card data tokenised — we never store PANs.
9 pillars
The security posture, in plain English.
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit, BYO-KMS / HSM on Enterprise.
Region pinning
Choose IN / EU / US. Data never leaves the region — backups too.
Just-in-time secrets
SabVault gates every key with role + reason + auto-revoke.
SSO + SCIM
SAML, OIDC, group provisioning. Per-module / per-env roles.
Backups + restore
Daily snapshots, configurable retention, point-in-time restore.
Signed webhooks
HMAC + timestamp, replay protection, audit log per event.
Audit log
Every action signed, searchable, exportable, immutable.
Anomaly detection
Behavioural alerts on suspicious reads, exports, role changes.
Penetration testing
Quarterly external pentest. Reports + remediation on file.
Operational
The boring stuff we don't cut corners on.
- All employees go through annual security training + background check
- Production access requires hardware MFA + reviewed PR
- No customer data in non-prod environments without explicit consent
- Vendor risk assessment for every sub-processor
- Bug bounty program with HackerOne — average payout ₹40k
- Disaster recovery plan tested quarterly, RPO 1h, RTO 4h
Talk to security, not sales.
We'll send you our SOC 2 report, pentest summary, and DPA — under NDA, same day.