Security

Your Security is Our Priority

We understand that immigration documents contain sensitive personal information. That's why we've built SureCitizen with enterprise-grade security from the ground up.

How We Protect Your Data

Multiple layers of security to keep your information safe

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Secure Infrastructure

Hosted on SOC 2 Type II compliant cloud infrastructure with 24/7 monitoring.

Access Controls

Role-based access controls and multi-factor authentication for all accounts.

Privacy by Design

We collect only necessary data and never sell your personal information.

Regular Audits

Third-party security assessments and penetration testing conducted annually.

Incident Response

Dedicated security team with documented incident response procedures.

Technical Security Measures

Data Encryption

All data transmitted to and from SureCitizen is encrypted using TLS 1.3. Documents stored in our system are encrypted at rest using AES-256 encryption with keys managed through a secure key management system.

Authentication

We support multi-factor authentication (MFA) for all accounts. Passwords are hashed using bcrypt with appropriate salt rounds. Session tokens expire after periods of inactivity.

Infrastructure

Our infrastructure is hosted on SOC 2 Type II compliant cloud providers with data centers in the United States. We maintain strict network segmentation and firewall rules.

Monitoring & Logging

All system access is logged and monitored 24/7. We use intrusion detection systems and automated alerting for suspicious activities.

Compliance & Certifications

SOC 2 Type II Compliant Hosting
GDPR Compliant
CCPA Compliant
PCI DSS for Payment Processing

Report a Security Issue

If you discover a security vulnerability, please report it responsibly to our security team.

security@surecitizen.com

Our Data Practices

We DO:

  • Encrypt all sensitive data at rest and in transit
  • Limit employee access to customer data on a need-to-know basis
  • Conduct regular security training for all employees
  • Delete your data upon request

We DON'T:

  • ×Sell your personal information to third parties
  • ×Share your data with government agencies without legal requirement
  • ×Store sensitive data in unencrypted form
  • ×Access your documents without legitimate business purpose