Security Policy

Overview

Rocketgraph, Inc. takes the security of its platform and customer data seriously. This policy describes the technical and organizational measures we implement to protect the systems and data entrusted to us. For on-premises deployments, the security of the customer's own infrastructure remains the customer's responsibility.

Infrastructure

• Hosted on AWS in the United States (us-east-1 / us-west-2).
• Network segmentation via VPC with private subnets for all data-plane services.
• All data encrypted in transit using TLS 1.2 or higher.
• All data encrypted at rest using AES-256.
• Access to production infrastructure is restricted to authorized personnel via short-lived credentials and MFA-enforced SSO.

Application Security

• Multi-tenant isolation enforced at the API layer via scoped authentication tokens.
• Dependency scanning and static analysis run on every code change.
• Secrets managed via environment-level secret stores — no secrets in source code.
• Rate limiting and abuse detection on all public-facing endpoints.

Access Control

• Role-based access control (RBAC) for all internal systems.
• Principle of least privilege applied across all services.
• Employee access is reviewed quarterly and revoked immediately upon offboarding.
• Rocketgraph personnel do not access customer data without explicit written authorization.

Incident Response

In the event of a confirmed security incident affecting customer data, Rocketgraph will:

• Notify affected customers within 72 hours of confirmation.
• Provide a summary of the incident, scope of impact, and remediation steps taken.
• Work with affected customers on any required regulatory notifications.

On-Premises Deployments

For customers running Rocketgraph on their own infrastructure, all data remains within the customer's environment. Rocketgraph has no access to, and does not process, any customer data in on-premises deployments. Security responsibilities for the underlying infrastructure, network, and access controls rest entirely with the customer.

Vulnerability Disclosure

If you believe you have found a security vulnerability in Rocketgraph, please report it responsibly to [email protected]. We will acknowledge your report within 2 business days and work to address confirmed issues promptly.