Security at Snepitech

How we engineer, operate and continuously verify the security of the systems we build for our clients.

Last updated: April 28, 2026

Secure software development

Every engagement follows a secure SDLC: threat modelling (STRIDE), peer-reviewed PRs, SAST/DAST in CI, dependency scanning and signed artifacts via OIDC-authenticated GitHub Actions.

Infrastructure security

Production workloads run on AWS with multi-AZ redundancy, hardened VPCs, WAF, secret vaulting (HashiCorp Vault / AWS Secrets Manager) and least-privilege IAM enforced through modular Terraform landing zones.

Data protection

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Customer data is logically isolated per tenant. Backups are encrypted, versioned and tested through quarterly restore drills.

Identity & access

We use OAuth 2 / OIDC for end-user authentication and enforce SSO + MFA for all internal access, with role-based access control, quarterly access reviews and immediate de-provisioning on role change.

Monitoring & incident response

We run real-time SLO dashboards (Datadog, OpenTelemetry), keep structured audit logs, and follow a documented incident response playbook with severity tiers, on-call rotations and post-incident reviews.

Compliance posture

Snepitech operates SOC 2-aligned controls and supports clients with GDPR, ISO 27001 and PCI-DSS scoped requirements. Security questionnaires and evidence packs are available on request.

Responsible disclosure

If you believe you have discovered a security issue, please email security@snepitech.com. We acknowledge reports within 48 hours and work in good faith with reporters to validate and remediate findings.