Security Policy

Effective Date: August 18, 2025
Last Updated: August 18, 2025

This page is operated by SuperNomics Technologies Inc.

Our Security Commitment

We align with SOC 2 and are undergoing a SOC 2 Type II audit.
We design for confidentiality, integrity, and availability.

Key Controls

Encryption: TLS 1.3+, AES-256 at rest.
Identity & Access: SSO, MFA, RBAC, session timeouts.
Network & Edge: WAF, CDN, DDoS protection, TLS termination.
Data Isolation: tenant isolation, prod/stage/dev separation.
Secure SDLC: code review, threat modeling, SAST/DAST.
Observability: centralized logging, anomaly detection.
Vulnerability Management: weekly scans, patch SLAs.
Backups & DR: daily encrypted backups, recovery runbooks.
Third-Party Risk: DPAs with subprocessors.
Employee Security: training, device security, phishing simulations.

AI & Data Handling

Only minimum-necessary data shared with AI providers.
No training without explicit opt-in.
Privilege-aware safeguards for legal data.

Incident Response

24/7 monitoring and containment.
Notification within 72 hours where required.
Root-cause analysis shared.

Responsible Disclosure

Report to security@supernomics.ai
Security.txt:
- supernomics.ai/.well-known/security.txt
- sque.ai/.well-known/security.txt

Related Documents