Security and privacy, by design

Anubion reads your Azure compliance posture, so we hold ourselves to the same standards we help you meet. This page describes how the platform protects your data, where it lives, and which agreements govern it.

Security posture

Controls that protect your organization's data throughout the platform.

Encryption

  • TLS 1.2+ for all traffic in transit; HSTS enforced.
  • Encryption at rest for databases and storage (Azure-managed).
  • Customer Azure credentials are stored encrypted and are never exposed back through the API.

Access control & tenant isolation

  • Role-based access with organization scoping: users only see their own organization's tenants.
  • Every tenant-scoped API request is authorized against organization membership on the server.
  • Account lockout and rate limiting protect sign-in against brute force.

Auditability

  • Platform-wide audit log covering sign-ins, user and organization changes, and credential updates.
  • Audit events are exportable (CSV) for your own compliance evidence.

Platform operations

  • Hosted on Microsoft Azure with managed patching and monitoring.
  • Read-focused access model: the platform reads compliance signals from your tenant; remediation stays in your hands.
  • Least-privilege service principals: you control the roles granted to Anubion in your tenant.

Data residency

Anubion runs on Microsoft Azure in the European Union. Customer data (accounts, compliance results, and encrypted connection credentials) is stored and processed within EU data center regions.

Subprocessors

We keep the list of third parties that may process customer data deliberately short.

Subprocessor Purpose Location
Microsoft Azure Cloud hosting, database, and storage for the platform European Union
Azure Communication Services Transactional email (invitations, password resets, notifications) European Union

Agreements & privacy

The legal framework that governs how we process your data.

Data Processing Agreement

Our standard DPA covers GDPR processing terms, technical and organizational measures, and subprocessor commitments. Download the DPA (PDF).

Report a vulnerability

Found a security issue? Email support@anubion.io with details. We respond to verified reports and keep you informed through remediation.

Questions about security or compliance?

We are happy to walk your security team through the platform, complete vendor questionnaires, and review the DPA together.

Contact sales

Send us a message about pricing, rollout, or security reviews.

We use this information only to respond to your inquiry.

Want to try the product first? Start a 14-day free trial on our homepage