Identity & access
- SSO via SAML 2.0 and OpenID Connect (OIDC, the authentication layer on top of OAuth 2.0) for enterprise tenants.
- Role-based access control (buyer, supplier, admin) enforced at the database layer.
- Multi-factor authentication available to every user; enabling it is optional.
- Session expiry, inactivity timeout, and device-level revocation.
Data protection
- TLS 1.2+ for all data in transit.
- AES-256 encryption for data at rest, including backups.
- Secrets stored in a managed vault, never in source code.
- Regional data residency (EU, UK, US) on the Enterprise plan.
Application security
- Row-level security policies on every multi-tenant table.
- Continuous dependency scanning and automated patching.
- Static analysis and code review on every change.
- Full audit trail on every RFQ, quotation, award, and contract action.
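The two database-layer controls above (role checks and row-level security on every multi-tenant table) are what stops one tenant's buyer from reading another tenant's RFQs even if an application query forgets its WHERE clause. The following is an added illustration of how such a setup is typically built on PostgreSQL; it is not TheDigiHubs' schema or code, and the table `rfqs`, the role `app_user`, and the session settings `app.tenant_id` and `app.role` are all assumed names.

```sql
-- Added example, not TheDigiHubs' own schema. PostgreSQL row-level security
-- that isolates tenants and gates writes by application role.
-- Names (rfqs, app_user, app.tenant_id, app.role) are assumptions.

CREATE TABLE rfqs (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);

-- The application must connect as a role that neither owns the table nor has
-- BYPASSRLS; otherwise the policies below are silently skipped.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON rfqs TO app_user;

ALTER TABLE rfqs ENABLE ROW LEVEL SECURITY;
ALTER TABLE rfqs FORCE ROW LEVEL SECURITY;  -- apply even to the table owner

-- Reads: a row is visible only if it belongs to the tenant set on this
-- transaction. current_setting(..., true) yields NULL when the setting is
-- absent, and NULL = x is never true, so a missing tenant context matches
-- nothing rather than everything.
CREATE POLICY tenant_read ON rfqs
    FOR SELECT TO app_user
    USING (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Writes: only buyers and admins of the current tenant may create RFQs;
-- a supplier session, or a row tagged with another tenant, is rejected.
CREATE POLICY buyer_write ON rfqs
    FOR INSERT TO app_user
    WITH CHECK (
        tenant_id = current_setting('app.tenant_id', true)::uuid
        AND current_setting('app.role', true) IN ('buyer', 'admin')
    );

-- Per-request usage. SET LOCAL scopes the context to this transaction, so it
-- cannot leak into the next request that reuses a pooled connection.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SET LOCAL app.role      = 'buyer';

INSERT INTO rfqs (tenant_id, title)
    VALUES ('11111111-1111-1111-1111-111111111111', 'Steel brackets, 500 pcs');

-- This would fail the WITH CHECK clause (wrong tenant in the row):
-- INSERT INTO rfqs (tenant_id, title)
--     VALUES ('22222222-2222-2222-2222-222222222222', 'Not ours');

SELECT id, title FROM rfqs;  -- returns only tenant 1111... rows, even with no WHERE
COMMIT;
```

Two checks worth running against any deployment of this pattern: confirm the application role cannot `SELECT` anything when `app.tenant_id` is unset (the correct result is zero rows, not all rows), and confirm that no connection used by the application runs as the table owner or a superuser, since both bypass policies unless `FORCE ROW LEVEL SECURITY` is in place and the role lacks `BYPASSRLS`.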
Operations
- Production access limited to on-call engineers, MFA-protected, time-bound.
- Daily encrypted backups with point-in-time recovery.
- Documented incident-response playbooks and customer notification within 72 hours.
Compliance roadmap
TheDigiHubs is GDPR and UK GDPR aligned today. SOC 2 Type II and ISO 27001 audits are in progress. A DPA, security questionnaire (SIG / CAIQ), and subprocessor list are available on request.
Responsible disclosure
If you believe you've found a security issue, please email support@thedigihubs.com with steps to reproduce. We respond within 2 business days, will not pursue legal action against good-faith research, and credit reporters on request.
Contact
Security or compliance documentation: support@thedigihubs.com.