Trust Center

Enterprise Security Program

Stak operates in a financial context — investor identities, investment values, deal economics, and legal documents. Security is not a feature. It is the foundation.

  • 256-bit Encryption
  • GDPR & nFADP Ready
  • 2FA Protected
  • Full Audit Trail

How We Protect Your Data

Six layers of security across encryption, authentication, access control, audit, infrastructure, and network.

Encryption

  • 256-bit TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted secret storage for TOTP 2FA keys
  • Secure document access tokens with expiration

Authentication

  • JWT-based authentication with secure HTTP-only cookies
  • Two-factor authentication (TOTP) with encrypted secrets
  • bcrypt password hashing with configurable cost factor
  • Session management with automatic expiration

Access Control

  • Role-based access control (RBAC) with 8 granular permissions
  • Workspace-level data isolation between organizations
  • Principle of least privilege enforced across all roles
  • Invite-only workspace access with email verification

Audit Logging

  • Full audit trail on all data modifications (payload-auditor)
  • Activity logs with before/after diffs
  • Login and access event tracking
  • Retention: 30 days (Starter), 1 year (Pro), Unlimited (Enterprise)

Infrastructure

  • Hosted on Vercel Edge Network with global CDN
  • MongoDB Atlas (EU region) with automated backups
  • Upstash Redis for rate limiting and caching
  • Sentry for real-time error monitoring and alerting

Network Security

  • Content Security Policy (CSP) headers
  • HTTP Strict Transport Security (HSTS)
  • CSRF protection with domain whitelist
  • Rate limiting on all API endpoints
  • X-Frame-Options, X-Content-Type-Options, Referrer-Policy

Compliance & Certifications

Current compliance status and certification roadmap.

  • GDPR Compliant: Active
  • Swiss nFADP Compliant: Active
  • SOC 2 Type II: In Progress
  • ILPA-Aligned Reporting: Active
  • DPA Available: Active
  • SSO (Enterprise): Roadmap

SOC 2 Type II — target Q2 2027. In the interim, Stak undergoes regular security assessments and penetration testing.
SSO (SAML/OIDC) — target Q2 2026 for Enterprise plans.

Uptime & Reliability

Stak is built on enterprise infrastructure with high-availability guarantees.

  • 99.9% Uptime SLA: monthly uptime commitment
  • <200ms API Response: p95 response time globally
  • 24/7 Monitoring: automated alerting & incident response

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a vulnerability in Stak, please report it responsibly:

We will acknowledge your report within 48 hours and aim to resolve verified vulnerabilities within 30 days. We appreciate responsible disclosure and will credit researchers in our acknowledgments section (with consent).

Request Security Deck

Get our detailed security documentation package, including architecture overview, encryption specifications, and compliance certifications.

Security Questions?

Our team is available to discuss your security requirements and compliance needs.