Bank-Grade Security for Your Supply Chain
We manage critical information from thousands of suppliers and millions in transactions. That's why our security architecture isn't an "extra" — it's the foundation of everything we do.
"Sleeping soundly is part of the service."
Our Protection Pillars
Strong Data Encryption
Your data travels protected. We use TLS 1.3 for all data in transit and AES-256 encryption for stored data. Passwords are stored hashed, and our support team only accesses your environment under your express, time-limited authorization.
Resilient Infrastructure
Hosted on Amazon Web Services (AWS) with redundancy across multiple availability zones. If one server fails, another takes over automatically. Your operation stays available.
Continuous Monitoring
We monitor threats continuously with automated detection (AWS GuardDuty and CloudTrail). We block malicious traffic before it reaches the platform using a web application firewall (WAF) and anti-DDoS protection.
Regional Regulatory Compliance
We don't just protect bits — we protect your legal liability.
Colombia
Our platform supports the supplier know-your-vendor and due diligence processes required by our clients' Sagrilaft / Sarlaft / PTEE programs, and Egixia complies with the Colombian personal data protection regime (Law 1581 of 2012).
Mexico
Our data processing takes the LFPDPPP as a reference to facilitate compliance for our clients in Mexico.
Regional & Global
We apply good practices aligned with international privacy standards (such as GDPR and LGPD) on data minimization, security and data subject rights. Client-specific regulatory requirements are agreed in the service contract.
Audits & Certifications
Backed by the most audited infrastructure in the world and by periodic external security testing.
Certified infrastructure (AWS)
We run on Amazon Web Services infrastructure, certified under ISO 27001, SOC 1/2/3 and PCI DSS.
Bi-annual penetration testing
We engage independent external specialists to test our security twice a year. An executive report is available under NDA.
SOC 2 (aligned, not certified)
Our security, availability and confidentiality controls are structured taking the SOC 2 framework as a reference. We do not yet hold a SOC 2 Type II report; we will publish the update when one is available under NDA.
Security FAQ
Where is my data hosted?
In Amazon Web Services (AWS) data centers in the U.S., Northern Virginia region, with the highest physical certifications on the market. See also the International Data Transfer section of our Privacy Policy.
Who has access to my information?
Your team controls access via roles and permissions. Our support staff only accesses under your express, time-limited authorization.
What happens in a disaster?
We have a tested Business Continuity Plan (BCP). We perform daily backups and can restore your operation in under 4 hours.
Incident Management
We maintain a security incident response procedure that includes detection, containment, root-cause analysis and remediation. In the event of an incident affecting a client's data, we will notify the affected client without undue delay once the incident is confirmed, with the information available on its scope and the measures taken, in accordance with the service agreement and applicable legal obligations (including reporting to the Colombian SIC where applicable). To report a vulnerability or an incident: security@egixia.com.
Report an incident: security@egixia.com