Security philosophy
Security is foundational, not an afterthought:
- Defense in depth: Multiple layers of protection
- Least privilege: Minimal access by default
- Continuous monitoring: Always watching for threats
- Regular assessment: Ongoing security testing
Encryption
In transit
- TLS 1.2+ for all connections
- HTTPS enforced everywhere
- API traffic encrypted
- Secure WebSocket connections
At rest
- AES-256 encryption for stored data
- Encrypted database storage
- Encrypted backups
- Key management best practices
Infrastructure security
Cloud platform
- Hosted on enterprise-grade cloud infrastructure
- SOC 2 compliant hosting providers
- Geographically distributed for reliability
- Regular patching and updates
Network security
- Firewalls and network segmentation
- DDoS protection
- Intrusion detection systems
- Traffic monitoring
Application security
- Secure development practices
- Code review and testing
- Dependency vulnerability scanning
- Regular penetration testing
Access controls
For our team
- Role-based access control (RBAC)
- Multi-factor authentication required
- Audit logging of access
- Principle of least privilege
For users
- Strong password requirements
- Optional multi-factor authentication
- Session management
- Account lockout protection
Data protection
Backup and recovery
- Regular automated backups
- Geographically distributed
- Tested recovery procedures
- Encryption of backup data
Data isolation
- Logical separation of customer data
- Access controls between tenants
- No cross-customer data access
- Audit trails for data access
Incident response
Preparedness
- Documented incident response plan
- Trained response team
- Regular drills and testing
- Communication procedures
If an incident occurs
- Rapid containment
- Investigation and remediation
- Notification as required by law
- Post-incident review and improvement
Compliance and certifications
Current
- GDPR compliant
- CCPA compliant
- SOC 2 Type II (hosting infrastructure)
Ongoing
- Regular compliance assessments
- Third-party audits
- Certification maintenance
- Regulatory monitoring
Vendor security
Third-party assessment
We vet all vendors for:
- Security practices
- Compliance certifications
- Data handling policies
- Incident history
Subprocessors
- Limited to necessary services
- Contractual security obligations
- Regular review and monitoring
- List available on request
Security documentation
Available for enterprise customers:
- Security whitepaper
- Penetration test summaries
- Compliance certifications
- Vendor questionnaire responses
Contact your account manager or support to request these documents.
Reporting vulnerabilities
If you discover a security issue:
- Email: security@daily.dev
- Do not publicly disclose before resolution
- We appreciate responsible disclosure
- Recognition for valid reports
Security commitment
We continuously invest in security:
- Dedicated security resources
- Regular training for all staff
- Emerging threat monitoring
- Industry best practice adoption
Your data's security is our priority.