Security & Compliance

Enterprise-Grade Security. No Compromises.

Threatwhere is built for organisations that handle sensitive intelligence. Every layer — from authentication to data storage — is designed to meet the highest security standards.

Compliance & Certifications

Independently verified security controls that your compliance team can trust.

COMPLIANT

SOC 2 Type II

Independent third-party audit of our security controls, availability, and confidentiality. Continuous monitoring ensures controls remain effective year-round.

READY

GDPR

Full data subject rights support including access, rectification, erasure, and portability. Data processing agreements available for all enterprise customers.

ALIGNED

ISO 27001

Information security management system aligned to ISO 27001 standards. Risk-based approach to protecting intelligence data at every layer.

Security Architecture

Defence in depth at every layer. From network edge to database row.

End-to-End Encryption

Industry-standard encryption at rest and in transit. All intelligence data is encrypted before storage and during every network hop.

Data Isolation per Organisation

Strict tenant isolation at the database level. Each organisation operates in a fully segregated environment with no cross-tenant data access.

Secure Headers & Forced HTTPS

Strict Content Security Policy, HSTS preloading, X-Frame-Options, and automatic HTTPS redirect. Every request is hardened by default.

Role-Based Access Control

Granular permission model with organisation owner, admin, analyst, and viewer roles. Restrict access to intelligence by clearance level.

AUTHENTICATION

Identity Security Built for Teams

Threatwhere supports multiple authentication methods to fit your organisation's security posture. Enforce MFA across your team, manage active sessions, and integrate with your existing identity provider.

Multi-factor authentication (TOTP)
Recovery codes for account recovery
OAuth providers (Google & Microsoft)
Session management — view and revoke all active sessions
AUDIT LOG

Every Action. Fully Logged.

Complete audit trail across your organisation. Know who accessed what, when, and from where.

View
Create
Update
Delete
Share
Comment
Track
Export
Escalate
Entity-level tracking — every event, incident, country, and report access is recorded
Export audit logs as CSV for compliance reporting and external review
Organisation-wide audit log accessible to admins with advanced filtering

Infrastructure

Purpose-built infrastructure for intelligence-grade data handling.

Encrypted Relational Storage

Serverless database infrastructure with automatic scaling, point-in-time recovery, and encryption at rest. Data isolated per tenant.

Vector Intelligence Engine

High-dimensional vector embeddings for semantic intelligence search and AI-powered analysis. Purpose-built for threat correlation.

Encrypted Session Layer

In-memory session management, rate limiting, and request caching. All transient data encrypted at rest with automatic expiry.

Global Edge Network

Multi-region edge deployment with enterprise DDoS protection, automatic failover, and zero-downtime deployments.

Request Security Documentation

Need our SOC 2 report, penetration test results, or a security questionnaire? Get in touch and we'll share everything your compliance team needs.