Security at SalesGuard

Last updated: January 2026

Security is foundational to SalesGuard. We are building a platform where buyers evaluate vendors and vendors submit sensitive information including pricing, compliance documentation, and security evidence.

Our approach is security-first, least-privilege by default, and designed to meet enterprise procurement expectations from day one.

1. Security Philosophy

  • Security is designed in, not bolted on.
  • Access is restricted by role, workspace, and intent.
  • We assume data is sensitive at all times.
  • We favor clear auditability over hidden automation.

2. Data Encryption

  • All data is encrypted in transit using TLS 1.2+.
  • Data is encrypted at rest using industry-standard encryption.
  • Sensitive vendor documents (e.g. SOC 2 reports) are stored in secure object storage with restricted access.

3. Access Control & Permissions

  • Strict role-based access control (RBAC).
  • Workspace-level isolation between buyers.
  • Vendors can only access their own Passports and submissions.
  • Buyer team members only see data relevant to their role and routes.

4. Authentication & Account Security

  • Secure authentication via modern identity providers.
  • Password hashing and secure session management.
  • Protection against brute-force and abuse attempts.

5. Infrastructure & Hosting

SalesGuard is hosted on modern cloud infrastructure with strong physical and network security controls.

Infrastructure is continuously monitored for availability, abuse, and anomalous behavior.

6. Monitoring, Logging & Auditability

  • Audit logs for sensitive actions.
  • Monitoring for errors, failures, and suspicious activity.
  • Incident tracking and review procedures.

7. Vendor Evidence Handling

Vendor-submitted documents (e.g. SOC 2, ISO certificates, pricing files) are treated as confidential.

These documents are accessible only to the buyer workspace they were submitted to and the vendor who uploaded them.

8. Compliance Readiness

SalesGuard is built with SOC 2 and GDPR requirements in mind, including access controls, auditability, data minimization, and incident response processes.

While SalesGuard may not yet hold formal certifications, our systems and processes are designed to support them.

9. Responsible Disclosure

We welcome responsible security research. If you believe you have found a security issue, please report it responsibly.

contact@salesguard.co

10. Customer Responsibilities

  • Use strong passwords and protect account access.
  • Limit internal access to trusted team members.
  • Do not upload data you are not authorized to share.

11. Continuous Improvement

Security is an ongoing process. We regularly review architecture, permissions, and controls as SalesGuard evolves.