Security Policy
Describes Capantra’s security principles and controls used to protect the platform, customer data, and operations.
On this page (tap to expand)
Procurement summary (tap to expand)
Procurement-friendly overview of security controls and practices; suitable for early-stage enterprise diligence.
- Encryption in transit/at rest where applicable
- Role-based access controls and least privilege
- Monitoring, logging, and incident response
- Maintain reasonable safeguards appropriate to risk
- Evolve controls as platform scales (e.g., SOC2 roadmap if pursued)
1. Security Principles
- Least privilege access
- Defense-in-depth controls
- Secure-by-default architecture
- Incident preparedness and response
2. Controls
- Encryption in transit (TLS) and at rest where applicable
- Role-based access controls and audit logs
- Monitoring and alerting for abnormal usage patterns
- Dependency and patch management
3. Incident Response
We maintain incident handling procedures and will notify customers where required by law or contract when customer data is impacted.
Versioning & change log
Current version: v0.2
- Added enterprise procurement summary section
- Added change log and versioning
- Clarified AU/US/EU scope and responsibilities
- Initial policy draft published
Policies may be updated for regulatory, security, or product reasons. Material changes will be communicated where required.
This policy is provided for transparency and does not constitute legal advice.
1. Security Principles
- Least privilege access
- Defense-in-depth controls
- Secure-by-default architecture
- Incident preparedness and response
2. Controls
- Encryption in transit (TLS) and at rest where applicable
- Role-based access controls and audit logs
- Monitoring and alerting for abnormal usage patterns
- Dependency and patch management
3. Incident Response
We maintain incident handling procedures and will notify customers where required by law or contract when customer data is impacted.
Versioning & change log
Current version: v0.2
- Added enterprise procurement summary section
- Added change log and versioning
- Clarified AU/US/EU scope and responsibilities
- Initial policy draft published
Policies may be updated for regulatory, security, or product reasons. Material changes will be communicated where required.
This policy is provided for transparency and does not constitute legal advice.