Security

Infrastructure

Adamic is hosted on enterprise-grade cloud infrastructure with data centers that maintain SOC 2, ISO 27001, and ISO 27017 certifications. Our infrastructure is deployed in the Asia-Pacific region to serve our primary customer base with low latency and compliance with regional data residency expectations.

All systems run in isolated environments with network-level segmentation, automated patching, and continuous monitoring.

Encryption

In transit: All data transmitted to and from Adamic is encrypted using TLS 1.2 or higher. We enforce HSTS (HTTP Strict Transport Security) with preload across all domains and subdomains.

At rest: All stored data is encrypted using AES-256 encryption. Database backups and file storage are encrypted with provider-managed keys, with customer-managed key support on our roadmap.

Authentication and Access Control

• Role-based access control (RBAC) governs all user permissions within the platform
• Multi-factor authentication (MFA) is available for all user accounts
• Internal access to production systems requires MFA, SSH key authentication, and is restricted to authorized personnel on a least-privilege basis
• All access is logged and auditable

Application Security

• Input validation and output encoding to prevent injection and cross-site scripting attacks
• Content Security Policy (CSP) headers enforced across all web properties
• Regular dependency scanning and automated vulnerability detection in our CI/CD pipeline
• Secrets management through dedicated vaults, never stored in code repositories

Email Security

Adamic implements the full email authentication stack to protect our domain and our customers' inboxes:

• SPF: Strict sender policy limiting authorized mail servers
• DKIM: Cryptographic signing of all outbound emails
• DMARC: Enforced at p=reject with full reporting, preventing domain spoofing
• DNSSEC: Enabled to protect against DNS tampering

Data Handling

• We do not sell, share, or provide customer data to third parties for advertising or marketing purposes
• We do not use customer data to train AI or machine learning models
• Customer data is logically isolated between accounts
• Data retention and deletion follow documented policies aligned with contractual commitments

Vendor Security

Third-party services integrated into our platform are evaluated for their security posture prior to adoption. We limit data sharing with vendors to the minimum necessary and require appropriate security certifications.

Incident Response

We maintain a documented incident response plan that covers identification, containment, eradication, recovery, and post-incident review. In the event of a security incident that affects customer data, we commit to notifying affected customers within 72 hours in accordance with applicable regulations.

Compliance Roadmap

Adamic is actively pursuing formal security certifications as part of our commitment to enterprise readiness:

• SOC 2 Type II — Planned
• PDPA (Singapore) — Compliant
• GDPR — Compliant for EU data subjects

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. Please see our Responsible Disclosure Policy for guidelines and contact information.

To report a security issue: [email protected]

Questions

For security-related inquiries, vendor security questionnaires, or to request our security documentation, contact us at [email protected].