Security · plain-English

How we keep your data + reputation safe.

We run customer UGC for regulated industries. The bar is high. The story below is what is true today — not the marketing version. Where something is on the roadmap, we say so.

99.95%
uptime · trailing 90d
eu-west-1
AWS · single region
90 d
audit retention · 1 y on request
< 72 h
breach notification

Request the SOC 2 + DPA Live status

trust.idukki.io · live

Events processed · 24h

284,173

UGC posts · rights requests · widget impressions

Region

AWS eu-west-1

Dublin · single-region

Uptime · trailing 90d

99.95%

measured · status.idukki.io

Event tail · last 4

TLS 1.3 ✓inbound · widget.js0s
AES-256 ✓tenant 0x7a2 · put0.4s
RBAC ✓rights.read · ok1.1s
Audit ✓login · sso · okta1.6s

Posture · today

Encryption
TLS 1.3 · AES-256
Live
SSO + RBAC
Okta · Azure · Google
Live
Audit log
90 d · 1 y on req
Live
Pen-test · annual
CREST · last May
Live
SOC 2
Type I · in progress
In prog
ISO 27001 / PCI
2026 roadmap
Roadmap

Request rate · per s

The full posture

Six surfaces, every line annotated as live, in progress or on the roadmap. The DPA goes deeper on each row and is the procurement-ready version of this page.

Compliance posture
- SOC 2 Type I
  In progress · audit window open
  In prog
- GDPR / UK GDPR
  Self-attested · DPA available
  Live
- CCPA · CPRA
  Self-attested · DSAR workflow
  Live
- India DPDP
  Self-attested · data fiduciary
  Live
- ISO 27001
  2026 roadmap
  Roadmap
- PCI DSS
  2026 roadmap · we do not store PAN
  Roadmap
Access + identity
- TLS 1.3
  Inbound + outbound · HSTS
  Live
- AES-256 at rest
  Database + object storage
  Live
- SAML 2.0 SSO
  Okta · Azure AD · Google Workspace
  Live
- Role-based access
  Owner / Admin / Editor / Viewer
  Live
- MFA
  Required for all staff accounts
  Live
Infrastructure
- Region
  AWS eu-west-1 · Dublin
  Live
- Edge + CDN
  Vercel · Cloudflare
  Live
- Secrets management
  AWS Secrets Manager · KMS rotated
  Live
- Backups
  Daily snapshots · 30-day retention
  Live
- Multi-region failover
  Roadmap · 2027
  Roadmap
Data + retention
- Tenant isolation
  Per-tenant ID, row-level scoping
  Live
- Audit log retention
  90 days standard · 1 year on customer request
  Live
- GDPR deletion SLA
  30 days · documented in DPA
  Live
- Sub-processors
  Public list · email-notified change
  Live
- Data export
  Self-serve · JSON + CSV
  Live
Monitoring + assurance
- Application monitoring
  Sentry · OpenTelemetry · 24/7
  Live
- Anomaly alerting
  Auth + billing + rate-limit
  Live
- Annual pen test
  Independent · last May 2026
  Live
- Bug bounty
  security@idukki.io · scope-limited
  Live
- On-call ack
  < 15 min business / 30 min nights
  Live
Incident response
- Public status page
  status.idukki.io · uptime + incidents
  Live
- Customer notification
  72 hours of confirmed disclosure
  Live
- DPA breach clauses
  Contractually committed timelines
  Live
- DR drills
  Quarterly tabletop · results in DPA bundle
  Live

Procurement

Need the DPA, sub-processor list and security questionnaire?

We ship a single ZIP — DPA (with SCCs), sub-processor register, redline-friendly MSA, SIG-Lite, the current penetration test executive summary, and the trailing-quarter SOC 2 audit progress note. Request it once, route it through legal.