SOC 2 Compliance Primitives.
A system layout mapping our infrastructure directly to the AICPA Trust Services Criteria for Security, Availability, and Confidentiality.
Tenant resources are isolated through rigorous API key evaluation (authenticateDeveloperKey). Secret access keys are generated via Node's native crypto.randomBytes and are one-way hashed before being stored in our PostgreSQL configuration ledger, ensuring zero plaintext visibility even for system administrators.
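The issue-then-verify flow described above, as an added example that is not this project's own code. The `<keyId>.<secret>` key format, the in-memory `ledger` standing in for the PostgreSQL table, the choice of SHA-256 as the one-way hash, and the function names `issueDeveloperKey` and `verifyDeveloperKey` are all assumptions made for illustration.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

// Assumption: SHA-256 as the one-way hash. A fast hash is acceptable here only
// because the secret is 32 random bytes; a human-chosen password needs a slow KDF.
const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest();

// Hypothetical in-memory stand-in for the database table: keyId -> record.
const ledger = new Map();

// Issue a key of the form "<keyId>.<secret>". The plaintext secret is returned
// to the caller exactly once; only its hash is written to the ledger.
function issueDeveloperKey(tenantId) {
  const keyId = randomBytes(8).toString('hex');          // public lookup handle
  const secret = randomBytes(32).toString('base64url');  // 256 bits of entropy
  ledger.set(keyId, { tenantId, secretHash: sha256(secret), revoked: false });
  return `${keyId}.${secret}`;
}

// Resolve a presented key to its tenant id, or null if it is malformed,
// unknown, wrong, or revoked.
function verifyDeveloperKey(presented) {
  if (typeof presented !== 'string') return null;
  const dot = presented.indexOf('.');
  if (dot <= 0) return null;
  const record = ledger.get(presented.slice(0, dot));
  const candidate = sha256(presented.slice(dot + 1));
  // Unknown key ids are compared against a dummy digest so that both paths
  // perform the same hash and the same constant-time comparison.
  const expected = record ? record.secretHash : Buffer.alloc(32);
  const match = timingSafeEqual(candidate, expected);
  return record && match && !record.revoked ? record.tenantId : null;
}
```

Because the ledger holds only the digest, a lost key cannot be recovered from the database and has to be reissued.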
Our email dispatch layer is built for absolute resilience. The DeliverabilityEngine automatically shifts transaction routes between high-availability providers (AWS SES to Postmark) if outbound latency thresholds are breached, fulfilling strict uptime Service Level Agreements.
All verification checks execute exclusively within transient memory. Our authepy_api_logs table strictly records metadata (timestamps, IP addresses, success/fail statuses) under a 30-day retention policy. The actual numeric OTP codes are deliberately excluded from application monitoring logs.