Skip to content
regLogic®
Security & Trust

Built for procurement before it ships.

RegLogic is built to clear the security questionnaires of state agencies, federal contractors, and Fortune 1000 EHS departments. Below is the posture today and the procurement-ready documentation available on request.

Request the procurement packet
Posture

Security posture today.

Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3). Database backups encrypted.

Authentication

MFA enforced for all admin accounts. Customer SSO via SAML 2.0 and Microsoft Entra. SCIM for provisioning.

Monitoring

24/7 monitoring of API, app, and infrastructure. Automated alerting on anomalous patterns. Audit log retained per tier.

Disaster recovery

Daily automated backups. Quarterly restore tests. Documented runbooks for incident response.

Compliance certifications

Where we stand on certifications.

  • SOC 2 Type IIin process
  • ISO 27001planned 2027
  • Section 508 / WCAG 2.2 AAin process
  • GDPR-compliant DPAavailable
  • HIPAA BAAavailable on request
  • FedRAMP-equivalent postureFederal/Enterprise tier
Sub-processors

Who we use.

  • Vercel
    Hosting, edge network
  • Cloudflare
    DNS
  • AWS
    Storage, backups
  • Supabase
    Database (managed Postgres)
  • Stripe
    Subscription billing
  • Amazon SES
    Transactional email
  • OpenAI
    Embedding (regulatory text only, no PII)
  • Anthropic
    Generative summarization (no PII)
  • GoHighLevel
    CRM (lead capture only)
Vulnerability disclosure

Found something? We want to hear about it.

If you believe you’ve found a security vulnerability in RegLogic, please email security@reglogic.com with details.

We’ll acknowledge receipt within 1 business day, validate the report within 5 business days, and coordinate disclosure with you. We don’t pursue legal action against good-faith security research.

Email security team

Need the full procurement packet?

Security questionnaire, DPA, sample MSA, references, sent within 2 business days.

Request the packet