Every security feature, explained.
From git secret scanning to SOC 2 compliance, see exactly what's included in each tier and how it protects your startup.
Foundation Security
Phase 1
Git Secret Scanning
Automatic detection of credentials, API keys, and secrets in your codebase using Gitleaks.
Pre-commit Hooks
Block commits containing sensitive data before they reach your repository.
Dependency Scanning
Continuous monitoring for vulnerabilities in npm, pip, and other package managers.
SSH Key Hardening
Ed25519 key generation and management for secure authentication.
2FA Enforcement
Team-wide two-factor authentication checklist and best practices.
Encrypted Backups
Time Machine integration with encryption for secure local backups.
Production Security
Phase 2
Security Headers
Helmet.js integration with A+ rating: HTTPS, CSP, HSTS, X-Frame-Options.
Rate Limiting
DDoS protection with configurable limits (100 req/15min default).
CORS Protection
Cross-Origin Resource Sharing controls to prevent unauthorized access.
Input Validation
Automatic sanitization and validation of all API inputs.
GDPR Compliance
Data export, deletion APIs, and cookie consent management.
Health Monitoring
System health endpoints with performance metrics and uptime tracking.
SOC 2 Foundation
Phase 3A
60+ Page Policy Suite
Complete SOC 2 documentation: Information Security, Incident Response, Access Control.
HashiCorp Vault
Enterprise secrets management with automatic 30-day rotation.
SIEM Logging
Security Information & Event Management with 90-day retention.
Security Training
45-minute awareness course covering phishing, passwords, and data handling.
Incident Response
Complete playbooks for P0-P3 incidents with escalation procedures.
Audit Trail
Tamper-evident logging with cryptographic hash chaining.
Feature Comparison
See exactly what's included in each security tier.
| Feature | Phase 1 | Phase 2 | Phase 3A |
|---|---|---|---|
| Git Secret Scanning | ✓ | ✓ | ✓ |
| Pre-commit Hooks | ✓ | ✓ | ✓ |
| Dependency Scanning | ✓ | ✓ | ✓ |
| Security Headers (A+) | — | ✓ | ✓ |
| Rate Limiting & DDoS | — | ✓ | ✓ |
| CORS Protection | — | ✓ | ✓ |
| Input Validation | — | ✓ | ✓ |
| GDPR APIs | — | ✓ | ✓ |
| SOC 2 Policies (60+ pages) | — | — | ✓ |
| HashiCorp Vault | — | — | ✓ |
| SIEM Logging | — | — | ✓ |
| Security Training | — | — | ✓ |
| Incident Response Plans | — | — | ✓ |
| Dedicated Consultant | — | — | ✓ |