Security
ReguNav is built on the same primitives we ask our customers to demonstrate. Live posture at trust.regunav.com.
Architecture
- Edge-native runtime with no long-running servers — global presence, low latency.
- Primary database with row-level security at the tenant boundary.
- Analytics warehouse (Frankfurt eu-central-1) for OLAP and the audit trail.
- Edge policy engine (ABAC) — sub-millisecond decisions on every request.
- Identity provider with SSO/SAML/OIDC and optional SCIM.
Encryption
- In transit: TLS 1.3 with HSTS preload, ECDHE-only ciphers.
- At rest: AES-256-GCM across primary database, object storage, and analytics warehouse.
- BYOK on Enterprise: customer-managed keys (KMS / HSM-backed).
Compliance posture
| Standard | Status |
|---|---|
| SOC 2 Type II | Type I report Q3 2026 · Type II observation in progress |
| ISO/IEC 27001:2022 | Stage 1 audit Q4 2026 |
| ISO/IEC 42001:2023 (AIMS) | Internal AIMS active · external audit Q1 2027 |
| GDPR | Art 32 implemented · DPO designated · DPIA template published |
| EU AI Act | Self-classified as not-high-risk · Art 50 transparency live · Art 4 AI literacy training mandated |
| HIPAA | BAA available on Enterprise · technical safeguards in place |
Incident response
24×7 paging via PagerDuty · SOC ticket triage SLA <15 min for P1 · public status page at status.regunav.com · GDPR-compliant breach notification within 72 hours.
Vulnerability disclosure
Email security@regunav.com, using the PGP key from /.well-known/security.txt. A bug bounty is live on HackerOne for Enterprise customers.