Security

Last Updated: January 13, 2026

AES-256 Encryption
GDPR Compliant
High Availability (Vercel)
SOC 2 Infrastructure

Our Commitment to Security

At Slokoto, security isn't just a feature—it's foundational to everything we build. We understand that you're trusting us with your valuable sales data and customer information. This responsibility drives us to implement robust security measures and partner with industry-leading infrastructure providers who maintain the highest security certifications.

This page provides an overview of our security practices and the measures we take to protect your data. For specific questions, please contact our team at security@slokoto.com.

This page is for transparency and does not create contractual commitments (such as a service level agreement). Our legal terms are governed by our Terms of Service and Privacy Policy.

1. Enterprise-Grade Infrastructure

Slokoto is built on top of industry-leading infrastructure providers that maintain comprehensive security certifications. By partnering with these providers, your data benefits from enterprise-grade security without compromise.

Vercel (Application Hosting)

Our application is hosted on Vercel, a leading cloud platform that maintains:

  • SOC 2 Type II certification
  • GDPR compliance
  • ISO 27001 certification
  • DDoS protection and global edge network

Supabase (Database)

Your data is stored securely in Supabase, which provides:

  • SOC 2 Type II certification
  • HIPAA compliance available
  • Data encryption at rest and in transit
  • Regular automated backups
  • Row-level security enforcement

Paddle (Payment Processing)

Payment processing is handled by Paddle, a trusted merchant of record:

  • PCI DSS Level 1 compliance
  • GDPR compliant
  • We never store your payment card details

2. Data Protection

Encryption at Rest

All customer data stored in our systems is encrypted using AES-256 encryption, the same standard used by banks and government agencies. This includes:

  • Database records and customer information
  • File uploads and attachments
  • Backups and archives

Encryption in Transit

All data transmitted to and from Slokoto is protected using TLS 1.3 encryption. We enforce:

  • HTTPS-only connections
  • Strong cipher suites with forward secrecy
  • Automatic certificate management via our hosting provider

3. GDPR Compliance

We are committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all our users, regardless of location.

Your Data Rights

Under GDPR and similar privacy regulations, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at support@slokoto.com. We will respond within 30 days.

Data Processing

  • We only collect data necessary to provide our service
  • We do not sell your data to third parties
  • Data is processed within secure, compliant infrastructure
  • We maintain data processing agreements with all sub-processors

4. Authentication & Access Control

User Authentication

Slokoto provides secure authentication methods to protect your account:

  • Secure Password Storage: Passwords are hashed using industry-standard algorithms
  • OAuth Integration: Sign in securely with Google
  • Session Management: Secure session handling with automatic timeout

Role-Based Access Control

Control who can access what within your organization:

  • Granular permission levels (Admin, Manager, Member, Viewer)
  • Team-based access segregation
  • Data isolation between organizations

5. Availability & Reliability

Uptime Commitment

We work to maintain high availability for the Service:

  • We deploy on Vercel's global edge network for fast, reliable access
  • Automatic scaling to handle traffic spikes
  • Redundant database infrastructure via Supabase

If you need a formal uptime SLA, security questionnaire, or sub-processor list for procurement, contact us at security@slokoto.com.

Data Backup

Your data is protected against loss:

  • Automated daily backups
  • Point-in-time recovery capability
  • Geographically distributed backup storage

6. Application Security

Secure Development Practices

Security is integrated into our development process:

  • Code reviews for all changes
  • Dependency vulnerability scanning
  • Input validation and sanitization
  • Protection against common web vulnerabilities (XSS, CSRF, SQL injection)

API Security

Our APIs are protected with multiple security controls:

  • Authentication required for all API endpoints
  • Rate limiting to prevent abuse
  • Request logging and monitoring

7. AI & Data Processing

Our AI-powered features are designed with security and privacy in mind:

  • Data Isolation: Customer data is never shared between accounts
  • No Data Selling: We never sell your data or use it for advertising
  • Purpose Limitation: AI only processes data to provide recommendations to you

We recommend you avoid uploading sensitive personal information (e.g., government IDs, health data, or payment card numbers) into Slokoto.

8. Incident Response

We maintain an incident response process designed to detect, investigate, contain, and remediate security incidents. If we become aware of a confirmed security incident affecting Customer Data, we will provide notice consistent with applicable law and our contractual obligations.

9. Security Best Practices for Users

Help keep your account secure by following these recommendations:

Use Strong, Unique Passwords

Create a password at least 12 characters long with a mix of letters, numbers, and symbols.

Review Team Access Regularly

Periodically audit team member permissions and remove access for departed employees.

Be Wary of Phishing

We will never ask for your password via email. Always verify links before clicking.

Log Out on Shared Devices

Always log out when using shared or public computers.

10. Responsible Disclosure

We value security researchers and encourage responsible disclosure of any vulnerabilities you may find.

Report a Vulnerability

If you've discovered a security vulnerability in Slokoto, please report it to us responsibly:

  • Email: security@slokoto.com
  • Include detailed steps to reproduce the issue
  • Allow reasonable time for us to address the issue before public disclosure

We commit to responding to security reports promptly and will keep you informed throughout the remediation process.

11. Security Contact

For security-related inquiries or to report concerns:

Slokoto Security Team

Security Reports: security@slokoto.com

General Inquiries: support@slokoto.com
