Security Practices

Last updated: June 1, 2025

At SignalArk Inc., trust is our foundation. As a platform entrusted with critical sales and GTM data, we maintain rigorous security standards designed to protect your information at every layer. Our enterprise-grade security program is built into our software development lifecycle and infrastructure from day one.

Infrastructure Security

We utilize a modern, serverless architecture deployed on industry-leading cloud infrastructure providers. Our cloud environments are continually monitored and physically secured by our hosting partners.

  • Encryption: All data is encrypted at rest using industry-standard AES-256 encryption. Data in transit is secured via TLS 1.2 or higher.
  • Isolation: Customer data is logically separated using rigorous workspace isolation patterns at the database layer.

Authentication & Access Control

We implement strict identity and access management controls to prevent unauthorized access to your account and data.

  • Authentication: We use secure JWT-based sessions. All user passwords are hashed using bcrypt. We also support standard OAuth providers.
  • Role-Based Access Control (RBAC): Granular RBAC is built into the core platform, ensuring users only have access to the data and actions permitted by their role (Admin, Manager, Rep, Auditor, Viewer).

API & Integration Security

SignalArk connects seamlessly with your existing stack, maintaining security across system boundaries.

  • API Security: External access requires dedicated API keys. All endpoints enforce strict rate limiting and request validation.
  • Third-Party Integrations: CRM connections (HubSpot, Salesforce) utilize secure OAuth PKCE flows. We never store native credentials for your CRM systems. Access tokens are isolated per workspace and rotated automatically.

GDPR & Compliance Features

We provide tools to help our customers meet global privacy standards natively within the platform.

  • Built-in privacy center for Data Subject Requests.
  • Consent management and auditable retention policies.
  • Comprehensive, immutable audit trails for sensitive actions.

Continuous Auditing & SOC 2

We are actively working toward SOC 2 Type II certification to provide formal, independent validation of our security controls and operational processes.

Responsible Disclosure

If you are a security researcher and believe you have discovered a vulnerability in our platform, we want to hear from you. We investigate all legitimate reports and ask that you disclose the information responsibly.

Please submit findings directly to our security team:

Email: security@signalark.app