Security

Keeping customer data protected at all times is Beltic’s highest priority.

Below is an overview of Beltic’s compliance certifications and core security practices.

GDPR-Compliant

Beltic adheres to the requirements of the General Data Protection Regulation (GDPR) for processing, storing, and transferring personal data.

All data handling follows principles of lawfulness, fairness, transparency, purpose limitation, and data minimization.

SOC 2 Type II

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) framework provides assurance over how service providers manage customer data.

Beltic’s SOC 2 Type II audit is currently in progress. The report is produced by an independent auditor and will be refreshed periodically.

It focuses on controls related to security, availability, and confidentiality.

Secure by Design

All systems and services are developed under a zero-trust model with least-privilege access and continuous monitoring.

Every change to code or infrastructure is reviewed, tested, and traceable through Beltic’s secure software development lifecycle.

Penetration Tested

Independent third-party security firms conduct vulnerability and penetration testing on Beltic’s products and infrastructure. This testing is planned to begin after SOC 2 Type II completion.

Data Encryption

  • At rest: AES-256 encryption (256-bit keys).

  • In transit: SSL/TLS enforced for all communications.

  • Access control: Role-based permissions and short-lived credentials.

Network Security

  • Default-deny ingress and egress policies.

  • Continuous network monitoring and intrusion detection.

  • Encrypted internal traffic and centralized logging for forensics.

API Security

  • All API traffic requires SSL/TLS.

  • Access secured by bearer tokens; short-lived credentials preferred.

  • Requests rate-limited and fully logged with identifiers and timestamps.

Authentication

  • All administrative and production access requires multi-factor authentication (MFA).

  • Optional SAML SSO and SCIM provisioning for enterprise customers.

  • Access levels follow least-privilege principles and are time-limited.

Application Security

  • Continuous vulnerability scanning for dependencies and third-party components.

  • Automated secret detection in all build pipelines.

  • Peer-reviewed merges with automated tests and checks before deployment.

Internal Access

  • Access to internal systems restricted by role and function.

  • All access requires MFA and is logged for audit.

  • Employees undergo periodic security and compliance training.