Security Overview
Last updated: January 1, 2025
Our Commitment to Security
At Terragate, security is not an afterthought; it's built into everything we do. We understand that our customers trust us with their critical infrastructure configurations, and we take that responsibility seriously.
Infrastructure Security
Our platform is built on secure, enterprise-grade infrastructure:
• Hosted on AWS with multi-region redundancy
• All data encrypted at rest using AES-256 encryption
• All data encrypted in transit using TLS 1.3
• Regular security audits and penetration testing
• SOC 2 Type II compliance (in progress)
• ISO 27001 certification (in progress)
Application Security
We implement comprehensive application security measures:
• Secure development lifecycle (SDLC)
• Regular dependency vulnerability scanning
• Static and dynamic code analysis
• Web Application Firewall (WAF) protection
• DDoS mitigation
• Rate limiting and abuse prevention
Access Control
We enforce strict access control policies:
• Role-based access control (RBAC)
• Multi-factor authentication (MFA) support
• Single Sign-On (SSO) integration
• Session management and timeout controls
• Audit logging of all access and changes
• Principle of least privilege for all systems
Data Protection
Your data is protected through multiple layers:
• Logical separation of customer data
• Regular automated backups
• Point-in-time recovery capabilities
• Data retention policies
• Secure data deletion procedures
• No access to customer data without explicit permission
Credential Management
We handle your cloud credentials with extreme care:
• Credentials are encrypted using envelope encryption
• Never stored in plain text or logs
• Access is strictly limited and audited
• Support for temporary credentials and role assumption
• Integration with cloud provider secret managers
• Regular credential rotation recommendations
Network Security
Our network is protected by:
• Virtual Private Cloud (VPC) isolation
• Network segmentation and micro-segmentation
• Intrusion detection and prevention systems
• Real-time threat monitoring
• Regular vulnerability assessments
• Strict firewall rules and security groups
Incident Response
We have a comprehensive incident response plan:
• 24/7 security monitoring
• Defined incident classification and escalation procedures
• Rapid response team for security incidents
• Customer notification within 72 hours of confirmed breach
• Post-incident analysis and remediation
• Regular incident response drills
Employee Security
Our team follows strict security practices:
• Background checks for all employees
• Security awareness training
• Secure coding training for developers
• Access based on job requirements
• Regular security policy reviews
• Signed confidentiality agreements
Compliance
We are committed to meeting industry standards:
• GDPR compliant
• CCPA compliant
• SOC 2 Type II (in progress)
• ISO 27001 (in progress)
• Regular third-party security audits
Vulnerability Disclosure
We welcome responsible security research:
• Report vulnerabilities to security@terragate.io
• We aim to respond within 48 hours
• No legal action for good-faith research
• Recognition for valid security reports
• Please do not access customer data during testing
Contact Security Team
For security-related inquiries or to report a vulnerability:
Email: security@terragate.io
PGP Key: Available upon request