Last Updated: June 5, 2026

Security Infrastructure

Concolabs is built from the ground up to protect active drawing assets, financial tables, and project identities. Learn how we safeguard your enterprise operations.

1. Security Operations & Compliance

Concolabs implements operational controls verified by independent third-party assessments:

  • SOC 2 Type II: Our infrastructure, employee workflows, and development life cycles are audited annually under SOC 2 Security and Availability criteria.
  • GDPR & CCPA Compliant: Stored profile records, drawing archives, and active databases are managed in compliance with EU and US data privacy regulations.
  • PCI-DSS Level 1: All financial and subscription payments are directly handled by Stripe, a certified PCI Level 1 credit card processor. We do not store raw card numbers.

2. Data Encryption Protocols

We ensure that all customer files, databases, and API keys are heavily encrypted during transit and at rest:

  • In Transit: Web connections, mobile requests, and SQLite sync routes are encrypted using HTTPS and TLS 1.3. Standard HTTP requests are automatically upgraded.
  • At Rest: Stored assets, CAD drawings, metadata values, and credentials are encrypted using AES-256 with keys managed by AWS Key Management Service (KMS).
  • Key Rotation: Encryption keys are automatically rotated periodically to protect access credentials from compromise.

3. Infrastructure Defense

Our application servers reside in premium AWS and GCP data centers, featuring:

  • Isolated VPCs: Databases are housed in private subnets with strict firewall rules and are inaccessible from the open web.
  • DDoS Mitigation: High-bandwidth edge routing services defend instance gateways against volumetric network attacks and resource exhaustion.
  • Automated Backups: Database replicas and system snapshots are encrypted and captured daily, with multi-region backup replication.

4. Access Control & IAM

We strictly enforce identity and access management guidelines internally and externally:

  • Multi-Factor Authentication (MFA): Corporate workspaces can enforce mandatory 2FA/MFA for all team profiles (via Google Authenticator or SMS).
  • Role-Based Access Control (RBAC): Admin, Member, and Viewer roles restrict drawing editing rights and checkout access.
  • Single Sign-On (SSO): Enterprise accounts can configure custom SAML 2.0 or OIDC single sign-on connections (e.g., Okta, Azure AD).

5. Vulnerability Disclosure

We welcome reports from cybersecurity researchers. If you identify a bug or vulnerability:

  • Please submit details via email to security@concolabs.com before making it public.
  • Provide reproducible steps, payload examples, and affected routes.
  • We do not seek legal action against researchers acting in good faith. We review reports within 48 hours and work to deploy hotfixes promptly.