Security & Compliance
Your cultivation data deserves enterprise-grade protection. We've built security into every layer of the platform—from encryption to access controls to audit logging.
Data Protection
🔐 Encryption in Transit
All data transmitted to and from our platform uses TLS 1.3, the latest version of the Transport Layer Security protocol. HSTS is enforced on all endpoints.
💾 Encryption at Rest
Database and file storage are encrypted with AES-256. Encryption keys are managed through a secure key management service with automatic rotation.
🔑 Access Controls
Role-Based Access Control (RBAC) with 7 permission levels. Principle of least privilege enforced. Session management with configurable timeouts.
📋 Audit Logging
Comprehensive audit trails for all data access and modifications. Immutable logs retained for compliance review. Real-time alerting available.
Multi-Tenant Architecture
Canna Data Science is built from the ground up for multi-tenancy with strict data isolation:
- Database isolation: Each customer's data is isolated with company_id filters on every query
- Application layer: Tenant context validated on every request
- No cross-tenant data access: Architectural guarantees prevent data leakage
- Separate environments: Development and production systems are fully isolated
Infrastructure Security
Our platform is built on SOC 2 compliant cloud infrastructure with industry-standard security controls:
- Cloud provider: Hosted on SOC 2 Type II compliant infrastructure
- Network security: VPC isolation, security groups, and WAF protection
- DDoS protection: Automatic mitigation of volumetric and application-layer attacks
- Intrusion detection: Continuous monitoring with automated response
- Patch management: Regular security updates with minimal downtime
Authentication & Identity
- Password security: bcrypt hashing with salting, minimum complexity requirements
- Session management: Secure session tokens with configurable expiration
- Device trust: Optional persistent sessions for trusted devices
- SSO support: Enterprise SSO integration available (SAML, OIDC)
- MFA: Multi-factor authentication available for Enterprise plans
Compliance Framework
| Standard | Status | Notes |
|---|---|---|
| SOC 2 Compliant Infrastructure | Yes | Built on SOC 2 Type II certified cloud providers |
| GDPR Ready | Yes | Data subject rights, consent management, DPA available |
| CCPA Compliant | Yes | California privacy rights supported |
| HIPAA | Enterprise | BAA available for Enterprise customers if required |
| Data Residency | Enterprise | Regional data hosting options available |
AI Data Governance
Special considerations for AI-powered features:
- No model training: Your data is not used to train public AI models without explicit opt-in consent
- PII redaction: Automatic redaction of personal information before AI processing
- Provider choice: Select Anthropic, OpenAI, or Google—your data, your choice
- Retention controls: Configurable AI conversation history retention (default 90 days)
- Private instances: Enterprise customers may request dedicated AI infrastructure
Business Continuity
- 99.9% uptime SLA: Enterprise-grade availability guarantee
- Automated backups: Daily database backups with point-in-time recovery
- Disaster recovery: Multi-region failover capability
- Data export: Full data export available at any time in standard formats
Security Contact
We take security seriously. If you discover a potential security issue, please contact us:
- Email: security@cannadatascience.com
- Response time: Within 24 hours for security reports
Enterprise customers may request our full security documentation, including penetration test results and security questionnaire responses.