Data Security

Our Promise

Sitefy (“Sitefy”, “we”, “us”) is committed to protecting your data through technical controls, disciplined internal processes, and responsible operational practices.

Headquartered in San Francisco, California, we design and operate our products with security and privacy by default, aligned with federal standards and globally recognized best practices.

Security Principles

• Least-privilege and need-to-know access controls
• Encryption in transit and at rest by default
• Secure Software Development Lifecycle (SSDLC)
• Continuous monitoring and rapid incident response
• Vendor and sub-processor security due diligence
• Data minimization and purpose limitation
• Shared responsibility model

Regulatory Alignment

We align our frameworks with industry standards including ISO/IEC 27001, NIST Cybersecurity Framework, and OWASP ASVS. Our privacy practices are designed to comply with:

• CCPA/CPRA (California, US)
• GDPR / UK GDPR (Europe/UK)
• DPDP Act, 2023 (India)
• LGPD (Brazil) and PIPEDA (Canada)

Technical Safeguards

Encryption

We utilize TLS 1.2+ for data in transit and AES-256 (or equivalent) for data at rest, supported by secure key rotation and strict access controls.

Access Management

Mandatory Multi-Factor Authentication (MFA) for privileged access, SSO support (SAML/OIDC), and logged Just-In-Time access protocols.