SECURITY & COMPLIANCE
Your operations data is the lifeblood of your business. We protect it with enterprise-grade security controls — the same standards used by Fortune 500 companies — because you shouldn't have to choose between operational efficiency and data security.
Defense-in-depth security across every layer of the platform
All data encrypted in transit using TLS 1.3 and at rest using AES-256. Integration credentials (BC, Shopify, shipping API keys) encrypted with AES-256-GCM using versioned keys — never stored in plaintext.
Each customer's data is completely isolated at the database level using row-level security (RLS) policies. Your data is never accessible to other customers — not in queries, not in exports, not in error messages.
Fine-grained permissions across seven specialized user roles: Developer, Admin, User, Sales, Finance, Warehouse, Operations Manager, and Vendor. From read-only access to full admin controls — you decide who can see and do what.
Every sensitive operation is logged to an append-only audit trail. Track who did what, when, with full accountability. Audit logs cannot be modified or deleted — even by administrators.
TOTP-based two-factor authentication is available for all users. Protect your account with industry-standard MFA using any authenticator app. Rate limiting and account lockout protect against brute-force attacks.
Hosted on Vercel's global edge network with automatic DDoS protection and HSTS enforcement. Database on Supabase with SOC 2 Type II certification. All infrastructure providers maintain enterprise-grade security.
We take compliance seriously and continuously work to meet industry standards
Readiness assessment complete with controls implemented across Security, Availability, and Confidentiality trust principles. Logical Access Controls, System Operations, Change Management, Availability, and Confidentiality categories all show 100% implementation. All seven required policy documents are drafted and pending management approval.
12-month audit window in progress. Type II certification expected Q4 2027 — extending the Type I controls into demonstrated operating effectiveness over time.
Security controls continuously monitored via Sentry error tracking with performance monitoring. All code changes go through automated CI/CD pipeline with TypeScript type checking, ESLint static analysis, automated test suite, and build verification before deployment.
Full GDPR-compliant data deletion workflow. Tenant data can be exported or permanently deleted upon request with complete audit trail. Data residency selection (US/EU) available at signup.
Accessibility standards compliance for all customers. Audit and certification on the roadmap for Q4 2027.
International security standard certification planned for Q1 2029 as part of our enterprise maturity milestones.
All third-party vendors maintain SOC 2 Type II certification: Supabase (Database & Auth), Vercel (Hosting & CDN), Microsoft Azure (Business Central), and Shopify (E-commerce).
Documented policies and procedures govern our security operations
Customer data is retained for the duration of the subscription plus 30 days. Upon request, data can be exported or permanently deleted with full GDPR-compliant deletion workflow and audit trail.
We maintain a documented incident response plan with defined escalation procedures and communication SLAs. Security incidents are investigated, contained, and communicated within defined timeframes.
Automatic database backups with point-in-time recovery. Multi-region infrastructure ensures high availability and disaster recovery.
Regular access reviews ensure users have appropriate permissions. Terminated users are deactivated immediately with session invalidation via admin force-logout capability.
Silverback offers data residency selection for customers with geographic data requirements. Choose US or EU data storage at signup to meet GDPR and other regional compliance requirements.
For food manufacturers on the FDA Traceability List, Silverback's Food Service edition includes lot tracking with FIFO/FEFO and expiration alerts, Key Data Element (KDE) capture at receiving, transformation, and shipping, Critical Tracking Event (CTE) logging, 24-hour mock recall capability, audit-ready traceability reports, and recipe management with allergen control. The FDA deadline is July 2028 — 28% of food businesses report not being ready.
We partner with industry-leading providers who maintain the highest security standards
Database & Auth: SOC 2 Type II Certified
Hosting & CDN: SOC 2 Type II Certified
Business Central: SOC 2 Type II Certified
E-commerce: SOC 2 Type II Certified
For food manufacturers on the FDA Traceability List, Silverback's Food Service edition includes full FSMA 204 compliance. The FDA deadline is July 2028 — 28% of food businesses aren't ready.
Silverback gives food manufacturers runway to implement compliance integrated with your operations — not as another standalone system. Ships Q1 2027 with the Food Service edition.
Our security team is available to answer questions and provide documentation for your vendor security review.
Contact us at security@silverback-usa.com