Security
Updated: October 2025

Security at Soofte

Security is a top priority at Soofte. We implement multiple layers of protection across data, infrastructure, operations, and development to ensure your community and information remain secure.

Data & Infrastructure

  • End-to-end encryption: All data is encrypted both at rest and in transit using industry-standard security protocols
  • Military-grade AES-256-GCM encryption: Sensitive data in the database is protected using AES-256-GCM, a military-grade encryption algorithm trusted by government and defense organizations
  • Hardened server access: All virtual servers are accessible only via SSH private keys with password authentication completely disabled
  • Network isolation: Each host is protected by host-based firewalls with strict rules ensuring only necessary ports are exposed

Access & Monitoring

  • Multi-factor authentication: All infrastructure management portals require MFA in addition to strong passwords
  • Principle of least privilege: System access is granted only to those who need it, with minimal necessary permissions
  • Comprehensive activity logging: All bot actions and system operations are logged and monitored for suspicious activity
  • Access attempt tracking: Every access attempt to our systems is logged and reviewed for security anomalies
  • Real-time monitoring: Continuous monitoring of system health and uptime

Operations & Development

  • Zero-trust secrets management: Secret keys, tokens, and credentials are never stored in code or on disk; all secrets are fetched at runtime from SOC 2 Type 2 and ISO 27001 certified secrets management infrastructure
  • Automated secret rotation: Critical secrets including API keys and tokens are rotated on a regular schedule to minimize exposure risk
  • Private repositories: All source code is stored in private Git-based repositories with access controls

Incident Response

  • 24-hour response time: Critical security incidents are addressed within 24 hours of detection or notification
  • Transparent communication: Affected customers are notified directly with clear information about any security incidents that may impact them
  • Continuous improvement: Post-incident analysis is conducted to identify root causes and implement preventive measures

Responsible Disclosure

  • Security research welcome: We encourage responsible security research and appreciate reports of potential vulnerabilities
  • Rewards program: Valid security findings are eligible for rewards up to €1,000 depending on severity and impact
  • Report vulnerabilities: Contact us at security@soofte.com with details of any security concerns
  • 48-hour acknowledgment: All security reports receive an acknowledgment within 48 hours
  • Good-faith commitment: We will not pursue legal action against researchers who follow responsible disclosure practices and act in good faith
