Built to be audited.
SabNode runs sensitive payroll, customer data, and financial records, and treats that responsibility seriously. Here is exactly what we do.
Certifications
Audited, signed, available on request.
SOC 2 Type II
Annual audit by an independent firm. Report on request under NDA.
ISO 27001
Information security management, certified.
DPDP (India)
Data Protection and Digital Privacy compliance toolkit, built in.
GDPR (EU)
DSR workflows, data residency in the EU, DPA available.
HIPAA-ready
BAA available on Scale and higher plans serving US healthcare.
PCI DSS
Card data tokenised; we never store PANs.
9 pillars
The security posture, in plain English.
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit, BYO-KMS / HSM on Enterprise.
Region pinning
Choose IN / EU / US. Data never leaves the region, backups too.
Encrypted document vault
SabFiles Vault encrypts sensitive files in your browser — zero-knowledge, with access controls and a full audit trail.
SSO + SCIM
SAML, OIDC, group provisioning. Per-module and per-env roles.
Backups + restore
Daily snapshots, configurable retention, point-in-time restore.
Signed webhooks
HMAC + timestamp, replay protection, audit log per event.
Audit log
Every action signed, searchable, exportable, immutable.
Anomaly detection
Behavioural alerts on suspicious reads, exports, role changes.
Penetration testing
Quarterly external pentest. Reports and remediation on file.
Operational
The boring stuff we don't cut corners on.
- All employees go through annual security training and a background check
- Production access requires hardware MFA and a reviewed PR
- No customer data in non-prod environments without explicit consent
- Vendor risk assessment for every sub-processor
- Bug bounty program with HackerOne, average payout 40k rupees
- Disaster recovery plan tested quarterly, RPO 1h, RTO 4h
Talk to security, not sales.
We'll send you our SOC 2 report, pentest summary, and DPA under NDA, same day.