Security
Contents
SKUsafe is committed to maintaining enterprise-grade security practices and supporting regulatory and compliance requirements common in food & beverage, manufacturing, and regulated supply chain environments.
We design our systems with confidentiality, integrity, availability, and auditability as core principles.
Security Controls
Data Transmission & Encryption
- All data transmitted between users and SKUsafe is encrypted in transit using TLS 1.2+.
- Internal service-to-service communication occurs within private cloud networking and is not exposed to the public internet.
- Customer data is encrypted at rest using industry-standard encryption mechanisms provided by our cloud infrastructure provider.
- Encrypted backups are performed regularly.
Authentication & Access Control
SKUsafe implements modern authentication and authorization controls to ensure that only authorized users may access customer data.
Controls include:
- OAuth 2.0–based authentication
- Role-based access control (RBAC)
- Organization-level data isolation
- Principle of least privilege enforcement
- Encrypted credential storage
Administrative access to production infrastructure is restricted to authorized personnel and logged.
Infrastructure & Cloud Hosting
SKUsafe infrastructure is hosted on DigitalOcean data centers located exclusively within the United States.
Infrastructure protections include:
- Private VPC networking
- Network-level firewalls
- Managed database infrastructure
- Automated backups
- OS and dependency patching
- Infrastructure monitoring and alerting
DigitalOcean security documentation is available at: https://www.digitalocean.com/security
Logging, Monitoring & Audit Trails
SKUsafe maintains comprehensive logging and monitoring across platform infrastructure and application systems.
Capabilities include:
- Centralized logging
- Security event monitoring
- Performance monitoring
- Alerting on anomalous activity
- Administrative access logging
- Customer activity audit logs
Audit trails are designed to support internal governance, investigations, and regulatory documentation requirements.
Incident Response
SKUsafe maintains documented incident response procedures that include:
- Detection and classification
- Containment and remediation
- Root cause analysis
- Corrective action tracking
- Customer notification when applicable
Incidents are escalated according to severity and handled by designated personnel.
Compliance & Regulatory Posture
SOC 2
SKUsafe is currently progressing toward SOC 2 compliance. Our security controls, policies, and operational processes are designed to align with SOC 2 Trust Services Criteria.
21 CFR Part 11 Alignment
The platform is designed to support customer compliance with FDA 21 CFR Part 11 requirements where applicable.
Features that support compliance workflows include:
- User authentication controls
- Permission-based access restrictions
- System audit trails
- Record versioning
- Change tracking
- Approval workflows
- Electronic record traceability
Customers are responsible for configuring procedural controls and validation processes required for regulatory compliance.
Data Ownership & Confidentiality
Customers retain full ownership of their data.
SKUsafe:
- Does not sell customer data
- Does not access customer data except as necessary for support or legal compliance
- Limits internal access to authorized personnel only
- Maintains strict confidentiality obligations
AI Usage & Data Protection
SKUsafe incorporates artificial intelligence features to assist with workflows such as document review, ingredient analysis, labeling validation, and data structuring.
We use models provided by leading AI research labs, including but not limited to Anthropic, OpenAI, and Google.
To protect customer data:
- Customer data is never used to train public AI models
- AI providers are contractually restricted from using customer data for model training
- Data shared with AI providers is limited to what is necessary for the requested task
- Customer data remains logically isolated at all times