Security is the foundational layer of the DataDack orchestration engine, built from the kernel up to handle enterprise IoT protocols and mission-critical AI inferences.
All nodes communicate via strictly enforced mutually authenticated TLS (mTLS). This ensures that traffic between your local nodes, the central orchestration core, and your local IoT telemetry devices cannot be intercepted or spoofed.
Enterprise clusters are entirely air-gapped from our multi-tenant SaaS. You receive a dedicated Virtual Private Cloud with strict peering rules and zero inbound public ingress by default.
DataDack enforces a zero-trust model across all service boundaries. Every request is authenticated and authorized independently — no implicit trust is granted based on network location or prior session state.
All stored data — workflow state, agent memory, IoT telemetry, and audit logs — is encrypted at rest using AES-256. Encryption keys are managed per-tenant and rotated on a regular schedule.
We are actively working toward SOC 2 Type II certification under AICPA standards. Our security controls, access management, and audit logging are designed to meet these requirements. Certification is targeted for 2026. Enterprise customers can request our current security posture documentation.
DataDack's architecture is aligned with India's Digital Personal Data Protection Act (DPDP, 2023) and the EU General Data Protection Regulation (GDPR). All customer data is processed within the customer's chosen region — no cross-border data transfer by default.
To report a security vulnerability, email contact@datadack.com with a detailed description. We respond to all security reports within 48 hours.