Security Architecture
Enterprise-grade security
From encryption and access control to audit logging and compliance, Canero is built for organizations with demanding security requirements.
Security capabilities
Core security properties across infrastructure, access control, and data protection.
- AES-256 at rest for all data
- TLS 1.3 in transit for all connections
- Encryption keys managed via cloud KMS
- No unencrypted storage of sensitive data
- Role-based access controls
- Least-privilege principle throughout
- Separate access levels for different functions
- No standing access to customer data by Canero staff
- Append-only audit trail for all administrative events
- Every support access session logged
- Immutable audit records
- Exportable for compliance review
- Hosted on enterprise-grade cloud infrastructure
- Isolated deployment per tenant
- Automated security patching
- Regular vulnerability scanning
Authentication & authorization
Flexible authentication options designed for enterprise security requirements.
Email & Password
Standard authenticated login with secure password hashing and session management.
SSO / SAML
Enterprise SSO integration for organizations using identity providers like Okta or Azure AD.
Role-Based Access
Configurable roles for admins, reviewers, and leaders - each with appropriate data access.
Trust & security posture
Canero's security capabilities and compliance roadmap.
Encryption at Rest
Encryption in Transit
Audit Logging
Role-Based Access Controls
DPA
Data Processing Agreement available for enterprise customers.
Security Questionnaire
Available upon request.
SOC 2 Type II
SSO/SAML
Security questions?
We're happy to complete security questionnaires, arrange security reviews, or discuss specific requirements with your team.