Security

1. Our Commitment

Security is foundational to BlackOptic Seer. We design, build, and operate the platform with the understanding that our customers trust us with access to their business data. We take that trust seriously and apply defense-in-depth principles throughout.

2. Authentication & Access Control

• Enterprise SSO via OIDC/SAML, available with guided setup
• Multi-factor authentication (MFA) support
• Role-based access control (RBAC) with granular permissions
• Row-level security (RLS) for data-level access restrictions
• Session management with configurable timeouts

3. Data Protection

• All data in transit is encrypted via TLS 1.2+
• Database credentials are encrypted at rest using Fernet symmetric encryption
• Customer database connections use read-only credentials whenever possible
• Uploaded files and documents are stored in isolated, access-controlled object storage
• Application data is stored in managed PostgreSQL with automated backups

4. Infrastructure

• Private deployment options available — run Seer within your own infrastructure
• Internal services (database, cache, semantic layer) are network-isolated and not exposed publicly
• Container-based deployment with pinned, version-locked dependencies
• No use of GPL/AGPL components in customer-facing runtime

5. Operational Security

• Comprehensive audit logging for administrative actions
• Rate limiting and abuse prevention on API endpoints
• Dependency scanning and license compliance checks in CI/CD
• Regular dependency updates with security review

6. Responsible Disclosure

If you discover a security vulnerability, please report it to us at security@blackoptic.ai. We will acknowledge receipt within 48 hours and work with you to address the issue promptly. Please do not publicly disclose any vulnerability until we have had a reasonable opportunity to respond.

7. Questions

For security-related questions or to request more detailed information about our security practices, contact us at security@blackoptic.ai.