Security

DealTracker is designed for teams handling confidential transactions. Security is foundational to how we build, deploy, and operate the platform.

Encryption

  • All data encrypted in transit via TLS 1.3
  • Data encrypted at rest using AES-256
  • Session tokens are HttpOnly, Secure, and SameSite=Strict

Authentication & Access Control

  • Single Sign-On (SSO) via SAML 2.0 and OpenID Connect
  • SCIM provisioning for automated user lifecycle management
  • Role-based access control with four workspace roles
  • Session management with configurable timeouts

Audit & Compliance

  • Immutable audit trail for every user action
  • Granular event logging for document access and deal modifications
  • Exportable audit reports for compliance reviews

Infrastructure

  • Hosted on Azure with SOC 2 Type II certified infrastructure
  • Data residency options: EU (West Europe) and US regions
  • Automated backups with point-in-time recovery
  • Network isolation with private endpoints

Organizational Controls

  • Workspace-level isolation between organizations
  • Invitation-only access with domain verification
  • Admin controls for feature flags and integrations

Sub-processors

  • Azure (infrastructure and AI services)
  • Auth0 (identity and authentication)
  • No third-party analytics on deal data
  • Full sub-processor list available on request

Questions about our security practices? Contact us at security@dealtracker.com. We are happy to complete security questionnaires and provide additional documentation for your review.