SSO & Data Security

All data in transit is protected by TLS 1.3 with forward-secrecy cipher suites. All data at rest is encrypted using AES-256 managed by the cloud infrastructure provider. Encryption keys are rotated automatically every 90 days.

Database volumes, backups, and object storage are all encrypted at rest. Application-level encryption is applied to sensitive configuration fields and API credentials.

701am supports SAML 2.0 and OpenID Connect (OIDC) authentication, compatible with:

• Okta
• Azure Active Directory / Entra ID
• Google Workspace
• OneLogin
• Shibboleth (InCommon Federation)
• Any SAML 2.0 or OIDC-compliant identity provider

SSO is available on all paid plans at no additional cost. Just-in-time (JIT) provisioning is supported. IdP-initiated and SP-initiated flows are both available.

Role-based access control (RBAC) is included with granular permission levels:

• Admin — full workspace configuration, billing, user management
• Editor — create and manage campaigns, view analytics
• Viewer — read-only access to dashboards and reports
• Integration — API-only access for automated workflows

SCIM provisioning for user lifecycle management is available on annual plans.

All access to and actions within the 701am platform are logged. Audit logs include: user identity, timestamp, action type, resource affected, IP address, and outcome (success/failure). Logs are retained for a minimum of 12 months and are available for export upon request.

Logs are immutable and cannot be modified or deleted by workspace users.

701am runs on AWS (Amazon Web Services) across US-East and US-West regions. Infrastructure includes:

• Virtual Private Cloud (VPC) with network ACLs and security groups
• Web application firewall (WAF) with OWASP Top-10 rules
• Distributed denial-of-service (DDoS) protection via AWS Shield
• Automated vulnerability scanning on a weekly cadence
• Intrusion detection and automated incident response

We conduct annual third-party penetration tests against the platform. Results are reviewed by engineering and remediated on a risk-prioritized basis. Customers may request a summary of the most recent penetration test (subject to a mutual NDA).

701am maintains a documented incident response plan that meets NIST SP 800-61 standards. Breach notifications are made to affected customers within 72 hours of confirmation. Notification includes: nature of the incident, data affected, remediation steps, and expected resolution timeline.

701am is currently pursuing SOC 2 Type II certification (trust services criteria: Security, Availability, and Confidentiality). Read reports will be shared with customers under NDA upon completion.

For security inquiries, contact security@701am.com. We maintain a security.txt file at the standard location and welcome responsible disclosure.