DriftPatrol is engineered on a modern zero-trust architecture with layered controls. This overview summarizes the administrative, technical, and physical safeguards we implement. A complete security questionnaire, subprocessor list, and penetration-test attestations (once available) are furnished to qualified prospects under NDA.
The Service runs on Cloudflare's global edge network (Workers, Pages Functions, D1 database, Key-Value storage). All ingress traverses Cloudflare's WAF, DDoS protection, and bot-management layer. There is no traditional origin server; there are no open SSH ports; there are no long-running containers with standing credentials.
All traffic is served over HTTPS using TLS 1.2 or higher with modern cipher suites; plaintext HTTP is redirected and HSTS is enforced so browsers will not downgrade. Certificates are issued and renewed automatically via the Cloudflare/Let's Encrypt pipeline, so no certificate private keys are handled manually.
Database storage (D1), KV storage, and R2 object storage are encrypted at rest using AES-256. Secrets and API keys are stored exclusively in Cloudflare's encrypted secret store, never in source control.
Customer authentication is passwordless: each login uses a single-use magic link that is bound to one email address and expires after a short TTL. Sessions are tracked via cookies set with the HttpOnly, Secure, and SameSite=Lax attributes. Administrative access to production infrastructure requires hardware-key MFA (WebAuthn) and is restricted to named personnel under a least-privilege policy. All administrative access is logged.
The Service emits structured logs for authentication events, billing events, administrative actions, crawl events, and errors. Logs are retained for up to thirteen (13) months. Automated alerting is configured for authentication anomalies, unusual crawl patterns, and infrastructure errors.
Each Customer's records are tenant-scoped: every row of every table carries a customer_id, and every query includes it as a predicate, so authorization is enforced at the query layer rather than after the fact. Every API handler additionally revalidates the calling session against the target resource's tenant before returning data. No cross-tenant access paths exist in the codebase.
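The query-layer scoping and handler revalidation described above, as an added example written for this page rather than DriftPatrol's own code. It contrasts the vulnerable lookup-by-id shape with the scoped one, and puts a guard in front of statement construction so an unscoped query cannot be emitted by mistake. The D1 binding is replaced by a tiny in-memory table so the block runs offline; the `sites` table, its columns, the session shape and all function names are assumptions.

```javascript
// Added example (not DriftPatrol's code): tenant scoping at the query layer,
// plus per-handler revalidation, in the style of a Worker talking to D1.
// The D1 binding is replaced by an in-memory table (assumption); table and
// column names are illustrative.

// Constructed sample data: two tenants, one site each.
const SITES = [
  { id: 101, customer_id: 'cust_a', hostname: 'a.example' },
  { id: 202, customer_id: 'cust_b', hostname: 'b.example' },
];

// Stand-in for env.DB.prepare(sql).bind(...params).first(). It understands only
// "SELECT * FROM sites WHERE id = ?" with an optional "AND customer_id = ?",
// which is all the two lookups below use.
function fakeD1First(sql, params) {
  const scoped = /AND customer_id = \?/.test(sql);
  return (
    SITES.find((r) => r.id === params[0] && (!scoped || r.customer_id === params[1])) || null
  );
}

// Vulnerable shape: the row is fetched by id alone. Any authenticated caller who
// guesses another tenant's id reads that tenant's row (an IDOR).
function findSiteUnscoped(siteId) {
  return fakeD1First('SELECT * FROM sites WHERE id = ?', [siteId]);
}

// Guard for the hardened shape: refuse to build a statement that has no
// customer_id predicate. The tenant id is appended last, so the convention is
// that the customer_id placeholder is the final "?" in the SQL.
function scopedStatement(sql, customerId, ...params) {
  if (!/\bcustomer_id = \?/.test(sql)) {
    throw new Error(`refusing unscoped query: ${sql}`);
  }
  return { sql, params: [...params, customerId] };
}

// Hardened shape: the tenant predicate is part of the SQL, so a row belonging
// to another tenant is never returned, regardless of what the handler does next.
function findSiteScoped(siteId, customerId) {
  const { sql, params } = scopedStatement(
    'SELECT * FROM sites WHERE id = ? AND customer_id = ?',
    customerId,
    siteId,
  );
  return fakeD1First(sql, params);
}

// Handler-level revalidation: the tenant comes from the authenticated session,
// never from a request parameter, and a miss is a 404 rather than a 403 so a
// caller cannot tell "no such site" from "someone else's site".
function getSiteHandler(session, siteId) {
  if (!session || !session.customer_id) return { status: 401 };
  const row = findSiteScoped(siteId, session.customer_id);
  if (!row) return { status: 404 };
  if (row.customer_id !== session.customer_id) return { status: 404 }; // belt and braces
  return { status: 200, body: { id: row.id, hostname: row.hostname } };
}
```

The last check in `getSiteHandler` is redundant with the SQL predicate by design: if a future query is ever written without the predicate, the handler still refuses to serve the foreign row, and the `scopedStatement` guard turns the missing predicate into a thrown error that shows up in tests rather than a silent data leak.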
Source code is version-controlled in a private Git repository. Production deployments go through an automated build, automated schema migration, and a manual promotion gate. Rollback to the previous deployment can be executed within minutes. Configuration drift is prevented by managing infrastructure as code.
Dependencies are pinned and monitored for known CVEs through automated scanning. Patches for critical issues are deployed within twenty-four (24) hours of disclosure, and for high-severity issues within seventy-two (72) hours. Vulnerability reports are accepted under a coordinated-disclosure policy at [email protected].
The incident-response plan covers detection, triage, containment, eradication, recovery, post-mortem, and customer notification. The target notification window for confirmed Personal Data Breaches is seventy-two (72) hours per the DPA. Security contact: [email protected] (PGP key available on request).
The edge architecture provides inherent geographic redundancy for the compute layer. Database snapshots are captured daily and retained per the retention schedule. The RPO target is twenty-four (24) hours, matching the daily snapshot cadence; the RTO target is eight (8) business hours. Tabletop exercises are conducted annually.
All subprocessors are assessed at onboarding and annually thereafter. Only providers with demonstrated security maturity and current attestations (SOC 2, ISO 27001, or equivalent) are engaged for the Processing of Customer Data. The full list is maintained in the DPA, Exhibit B.
All personnel with access to production systems complete security and privacy training at onboarding and annually. Background checks are performed where permitted by law. Contractor access is time-bounded and logged.
| Standard | Status | Target date |
|---|---|---|
| GDPR / UK GDPR | Compliant | Ongoing |
| CCPA / CPRA | Compliant | Ongoing |
| SOC 2 Type I | In preparation | 2026 H2 |
| SOC 2 Type II | Planned | 2027 H1 |
| HIPAA (BAA on request) | Available upon execution | Case-by-case |
| ISO/IEC 27001 | Evaluation | 2027 |
Qualified prospects may request the complete security questionnaire, pen-test letter, subprocessor list, and architecture diagrams by emailing [email protected]. A mutual NDA is required before detailed documentation is shared.