Security & Compliance
Data Protection
- AES-256 encryption at rest, TLS 1.3 in transit
- Customer-managed encryption keys available
- Field-level encryption for PHI, PCI, and PII data
Compliance & Governance
- SOC 2 Type II, ISO 27001, GDPR, HIPAA
- FedRAMP Moderate authorization in progress
- Regular third-party audits and continuous control monitoring
Operational Resilience
- Active-active architecture across US, EU, and APAC regions
- RPO < 15 minutes; RTO < 1 hour
- Quarterly disaster recovery exercises with executive sign-off
Secure Development
- Shift-left security with SAST, DAST, SCA pipelines
- Mandatory threat modeling and peer review for all releases
- Bug bounty program and coordinated disclosure
Privacy & Data Residency
Choose regional hosting in the United States, European Union, or Asia-Pacific. Data processing agreements (DPAs) and Standard Contractual Clauses (SCCs) are available. Optional single-tenant and sovereign deployments ensure data never leaves your jurisdiction.
Security Operations
- 24/7 SOC monitoring with automated threat detection and response.
- Monthly penetration testing by CREST-certified partners.
- Vulnerability disclosure program via security@galactis.ai.
Talk to our Security Team
Email dpo@galactis.ai for privacy inquiries or security@galactis.ai for incident coordination.