Security & Compliance

Security is not a feature. It's the foundation.

At Texkit, we treat your data with the same rigor we apply to our own pipelines. From end-to-end encryption to rigorous third-party audits, we ensure your content remains yours.

Compose. Compile. Ship. With confidence.

Data Protection

Military-grade encryption standards.

In Transit (TLS 1.3)

All data transmitted between your local environment, the CLI, and Texkit Cloud is encrypted using the latest TLS 1.3 protocol. We enforce strict certificate pinning and forward secrecy.

At Rest (AES-256)

Stored artefacts and configuration files are encrypted at rest using AES-256. Keys are managed via AWS KMS with automatic rotation policies.

Certifications

SOC 2 Type II Certified

We have successfully completed an independent audit of our controls relevant to security, availability, and processing integrity.

Our SOC 2 Type II report covers the following Trust Services Criteria:

  • Security: Logical and physical access controls.
  • Availability: System reliability and uptime guarantees.
  • Processing Integrity: Accuracy and completeness of data processing.
  • Confidentiality: Protection of customer data.

Responsible Disclosure

Vulnerability Disclosure Policy

We encourage security researchers to find and report vulnerabilities. We value your contribution to keeping Texkit secure.

Process: Report a vulnerability via our dedicated portal. We will acknowledge receipt within 24 hours and aim to triage within 48 hours. We offer a 90-day disclosure window for fixes to be implemented.

What we reward: Critical and High severity vulnerabilities that do not compromise user data or require a complex exploit chain.

Infrastructure

Granular Access Controls

SSO Integration

Seamlessly integrate with Okta, Azure AD, and Google Workspace. Enforce SAML 2.0 for centralized identity management and single sign-on.

Role-Based Access (RBAC)

Define custom roles (Admin, Editor, Viewer) with granular permissions on projects, pipelines, and artefacts. Zero accidental deletions.

Immutable Audit Logs

Every action is logged with user ID, timestamp, IP address, and action taken. Logs are immutable and retained for 7 years for compliance.

Global Infrastructure

Data Residency Options

North America

US East (N. Virginia) and US West (Oregon). Data remains within US borders.

Europe

EU West (Ireland). GDPR compliant with data stored in the EU.

Asia Pacific

APAC (Singapore). Low latency access for teams in the region.

Transparency

Third-Party Audit Partners

We engage top-tier audit firms to validate our security controls annually. Our partners are:

  • KPMG LLP: SOC 2 and ISO 27001 certification.
  • Deloitte & Touche LLP: Infrastructure and cloud security assessments.
  • PwC: Privacy and data protection audits.

Our infrastructure is built on AWS GovCloud (US) and AWS Europe (Frankfurt), ensuring compliance with FedRAMP High and DORA standards.