01
SSO via SAML 2.0 / OIDC
Major IdPs: Okta, Azure AD, Keycloak, Google Workspace. Just-in-time provisioning supported.
Trust Center · Security
Zero-trust by architecture.
Quanterios is built on a zero-trust architecture with cryptographic service identity, region-pinned data planes, and ISO 27001-aligned operational controls. Every claim below is either evidenced in our internal SOC 2 readiness package or verifiable in the product itself.
01 · Identity & access
02
Role-based access control
Least-privilege defaults. Granular role-to-resource mapping. Customer-overridable.
03
Hardware-backed MFA
Enforced on all admin paths. WebAuthn and TOTP supported for end users.
04
Audit log on privilege change
Every role change, every elevation, every override logged with the requester's identity.
02 · Data protection
01
TLS 1.3 in transit
ML-KEM-768 hybrid available. We eat our own dog food on the agility surface.
02
AES-256 at rest
Per-tenant data keys, KMS in region. No cross-tenant queries, ever.
03
Region-pinned data
All customer data region-pinned at write time. Frankfurt, Dublin, Zurich.
04
Backups encrypted
Lifecycle-controlled. Customer-controlled retention windows.
03 · Network & runtime
01
Zero-trust network
Private VPC, no public ingress to control plane. Cryptographic service identity between services.
02
Mutual TLS
Service-to-service mTLS using internal PKI rotated automatically.
03
WAF, DDoS, bot detection
Edge-layer protections at Cloudflare; DDoS mitigated at network and application layers.
04
Container hardening
CIS-aligned base images, minimal attack surface, runtime allow-listing.
04 · Operations
01
Vulnerability scanning
Continuous scanning across containers, dependencies, infrastructure. CVE patching SLA per severity tier.
02
Penetration testing
Annually + on major release. Third-party tester. Reports available on request under DPA.
03
Incident response
24×5 on-call rotation. Documented runbooks. Customer notification SLA per severity.
04
ISO 27001 alignment
Internal alignment in progress. SOC 2 Type 1 in scope for the next reporting period.
Need our security package?
Email trust@quanterios.com for the security questionnaire, DPA template, and pen-test summary.