At AnalyticKit, security is foundational to everything we build. We understand that trusting an analytics provider with your user data is a significant decision, and we take that responsibility seriously.
Data Encryption
- At Rest — AES-256: All stored data is encrypted using AES-256, the same standard used by governments and financial institutions.
- In Transit — TLS 1.3: Every connection uses TLS 1.3, ensuring data cannot be intercepted or tampered with during transmission.
- Key Management: Encryption keys are managed through a dedicated key management service with automatic rotation and comprehensive audit logging.
Access Controls
- Role-Based Access Control (RBAC): Assign team members specific roles — Viewer, Analyst, Editor, or Admin — each with precisely scoped permissions.
- Two-Factor Authentication (2FA): All accounts support TOTP-based 2FA via apps like Google Authenticator or Authy.
- Single Sign-On (SSO): Enterprise customers can integrate with Okta, Azure AD, or Google Workspace via SAML 2.0 or OpenID Connect.
- Session Management: Active sessions are tracked and can be revoked at any time. Idle sessions expire automatically.
GDPR Compliance
- Data Processing Agreements (DPA): We provide comprehensive DPAs to all customers. Enterprise customers can request custom DPAs.
- Right to Erasure: API endpoints and dashboard tools let you delete an individual user's data permanently within 30 days of the request.
- Data Portability: Export all analytics data at any time in JSON or CSV. Your data belongs to you.
- Consent Management: Integrates with popular consent management platforms for automatic opt-in/opt-out handling.
Data Residency
- EU Data Center: All data processing and storage take place within EU-based infrastructure for customers requiring EU residency.
- US Data Center: Low-latency access for North American customers with SOC 2-certified data centers.
- No Cross-Region Transfer: Data stays in your selected region. No cross-region transfers without explicit consent.
Infrastructure Security
- Cloud Hosting: Enterprise-grade cloud infrastructure with 99.9% uptime SLA, redundant systems, and automated failover.
- Penetration Testing: Regular third-party penetration tests at least twice per year. Critical issues addressed within 24 hours.
- DDoS Protection: Enterprise DDoS mitigation that detects and absorbs volumetric, protocol, and application-layer attacks.
- Network Segmentation: Production environments isolated from development/staging. Internal services on private networks with strict firewall rules.
SOC 2 Type II Compliance
AnalyticKit is actively pursuing SOC 2 Type II certification, evaluating controls across security, availability, processing integrity, confidentiality, and privacy. We anticipate completing the audit in mid-2026. Enterprise customers can request our current readiness assessment.
Web3-Specific Security
- No Private Keys Stored: AnalyticKit never requests, receives, or stores private keys or seed phrases. Zero access to user funds.
- Read-Only Blockchain Access: All on-chain data accessed through read-only RPC endpoints. Cannot initiate transactions or modify smart contracts.
- Wallet Address Hashing: Wallet addresses are hashed using SHA-256 before storage by default, unless explicitly configured otherwise.
- Smart Contract Interaction Logging: Captures event metadata (function names, gas usage, status) without exposing sensitive transaction details.
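An added example (not AnalyticKit's own code) of the wallet-address hashing described above: it normalizes EVM address casing before hashing so that one wallet always yields one pseudonym, applies plain SHA-256 by default, and switches to keyed HMAC-SHA256 when a key is supplied, which is assumed here to be the "configured otherwise" option; the addresses are constructed samples, and the key is assumed to come from the key management service.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed sample: the same EVM address written in EIP-55 mixed case
# and in plain lower case. Both spellings denote one wallet.
ADDR_CHECKSUMMED = "0x52908400098527886E0F7030069857D2E4169EE7"
ADDR_LOWER = "0x52908400098527886e0f7030069857d2e4169ee7"

_EVM_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")


def is_valid_evm_address(addr: str) -> bool:
    """Accept only 0x-prefixed 20-byte hex strings (EVM-style addresses)."""
    return bool(_EVM_ADDR.match(addr.strip()))


def normalize_address(addr: str) -> str:
    """Canonical form for hashing. EVM addresses are case-insensitive hex;
    EIP-55 only encodes a checksum in the letter casing, so mixed-case and
    lower-case spellings must hash to the same value or one wallet would
    be stored under several pseudonyms."""
    if not is_valid_evm_address(addr):
        raise ValueError("not a 0x-prefixed 20-byte hex address")
    return addr.strip().lower()


def pseudonymize_address(addr: str, key: Optional[bytes] = None) -> str:
    """Value stored in place of the raw wallet address.

    Default (key is None): SHA-256 of the normalized address, a stable
    pseudonym that anyone holding the address can recompute.
    With a key: HMAC-SHA256, so only a holder of the key (assumed to be
    kept in the key management service, not beside the data) can link a
    stored pseudonym back to an address."""
    canonical = normalize_address(addr).encode("ascii")
    if key is None:
        return hashlib.sha256(canonical).hexdigest()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def same_wallet(a: str, b: str, key: Optional[bytes] = None) -> bool:
    """Constant-time comparison of two stored pseudonyms."""
    return hmac.compare_digest(pseudonymize_address(a, key),
                               pseudonymize_address(b, key))


if __name__ == "__main__":
    print(pseudonymize_address(ADDR_CHECKSUMMED))
    print(same_wallet(ADDR_CHECKSUMMED, ADDR_LOWER))
```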
Bug Bounty Program
We operate a responsible disclosure and bug bounty program. Report vulnerabilities to [email protected]. Valid reports are eligible for monetary rewards based on severity, and we acknowledge all reports within 48 hours.
Transparency
We publish incident reports and maintain a public status page.
Accountability
Our security team reviews every access log, deployment, and production change.
Continuous Improvement
We continuously evaluate and improve practices to stay ahead of evolving threats.
Contact Our Security Team
Email: [email protected]
Review our Privacy Policy and Terms & Conditions.