All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed via a dedicated Hardware Security Module (HSM) and rotated automatically on a 90-day schedule.
Role-based access control (RBAC) with mandatory MFA enforcement across all accounts. Privileged access is managed via a PAM system with just-in-time provisioning and full audit logging.
Automated daily encrypted backups with 30-day retention. Point-in-time recovery is available within a 15-minute window. All backup integrity is tested monthly with automated restoration drills.
Hosted on ISO 27001-certified cloud infrastructure with full network segmentation. A Web Application Firewall (WAF) and DDoS protection are active at all times across all endpoints.
Sangoe never sells, rents, or shares your personal data with third parties for commercial purposes. All data processing is strictly limited to what is necessary for delivering the service. You retain full ownership of your data at all times.
Sangoe is fully GDPR-compliant. We offer Data Processing Agreements (DPAs) for enterprise customers, support right-to-erasure and right-to-portability requests, and maintain a comprehensive Records of Processing Activities (RoPA).
We guarantee 99.9% monthly uptime across all paid plans, backed by our Service Level Agreement. Planned maintenance windows are communicated at least 48 hours in advance and scheduled during off-peak hours.
Global CDN distribution ensures fast, reliable access regardless of location. Our infrastructure runs across multiple availability zones with automatic failover — no single point of failure exists in our production environment.
Sangoe holds or is actively working towards: ISO 42001 (AI Management Systems), ISO 27001 (Information Security Management), PCI DSS Level 1 (Payment Security), SDG Alignment Certification, and ESG Readiness Assessment.
Our ongoing compliance roadmap includes SOC 2 Type II certification and alignment with India's Digital Personal Data Protection (DPDP) Act. Quarterly third-party penetration tests are conducted and results are reviewed by our security board.
Real-time system status for all Sangoe services is publicly available at status.sangoe.com. You can subscribe to instant email or SMS notifications for any incident affecting your region or service.
All service incidents are publicly disclosed within 72 hours of detection. Detailed post-mortems with root cause analysis are published for major incidents within 14 business days of resolution.
We actively welcome responsible security disclosures from the security research community. Report any vulnerabilities to security@sangoe.com — our dedicated security team responds within 48 hours and will acknowledge valid reports.
Researchers who responsibly disclose valid vulnerabilities are acknowledged in our public Hall of Fame (with consent) and may be eligible for rewards under our Bug Bounty Programme based on severity and impact.
Our dedicated security team responds within 48 hours to all enquiries.