Security at NearIRM
Security is foundational to an incident response platform. Here is how we protect your data.
Infrastructure
- Hosted on industry-leading cloud infrastructure with SOC 2 certified providers
- All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Database backups encrypted and stored in geographically separate regions
- DDoS protection and web application firewall on all endpoints
Application Security
- Webhook payloads validated and sanitized before processing
- Role-based access control with organization-scoped data isolation
- Session management with secure, HTTP-only cookies
- Rate limiting on all API endpoints
- CSRF protection on all state-changing operations
Authentication
- Passwords hashed with bcrypt (work factor 12)
- Magic link authentication available as a passwordless option
- Session tokens rotated on privilege changes
Data Handling
- Alert data processed in memory and stored only for the retention period (90 days)
- Multi-tenant architecture with strict organization-level data isolation
- No customer data used for training or analytics beyond service operation
Incident Response
We practice what we build. Our own team uses NearIRM for internal monitoring and follows a documented incident response process for any security events.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly by emailing [email protected]. We aim to acknowledge reports within 24 hours.