Raptor Comply is built for critical infrastructure environments. We design our systems and processes with the same discipline we expect from the compliance teams we serve.
SOC 2 Type II accredited
Data encrypted at rest and in transit
Customer-specific encryption keys
Separate database per organization
Dedicated storage per organization
Role-based access control
Least-privilege enforcement
Multi-factor authentication
Environment isolation available
Bring your own key (BYOK) available
Raptor Comply is hosted on Amazon Web Services (AWS) in North America. Our hardened multi-tenant environments (see below) are hosted in the US East region; customers who opt for their own dedicated AWS instance can choose between US and Canada.
All services run within a Virtual Private Cloud (VPC). Each environment (production, staging) is completely isolated on separate AWS accounts.
Raptor Comply supports two deployment tiers based on customer security requirements:
Tier
Architecture
Encryption
Scale
Hardened multi-tenant with dedicated storage per org
AWS KMS (Raptor Comply managed)
Enterprise
Hardened multi-tenant (default) or optional isolated AWS account with dedicated infrastructure
Customer-managed or mutual (bring your own key)
Customer data remains the property of the customer.
We process data solely to deliver the Raptor Comply service and never sell or share customer data for advertising purposes. See our privacy policy for more details.
Types of data stored may include:
Compliance documentation
Asset inventories
Access control records
Policy documents
User account information
Customer data is isolated at four independent layers:
Database: Each customer organization has its own database instance.
File storage: Each customer organization has a dedicated storage bucket.
Encryption: Each customer organization has a unique encryption key.
Authorization: Per-organization, per-entity access controls.
In transit: All connections are secured with SSL.
At rest: All data is encrypted using AWS KMS with customer-specific keys. Each organization has its own dedicated key with automatic annual rotation. Raptor Comply does not store user passwords.
Bring Your Own Key (BYOK): Enterprise tier customers can use their own encryption keys via AWS KMS external key integration or AWS CloudHSM.
Access to production systems is restricted and role-based. We enforce least-privilege access principles, multi-factor authentication for administrative access, and audit logging of privileged actions.
Raptor Comply internal roles cannot access customer data. This separation supports CIP-004 personnel access control requirements.
Within each organization, customers can provision access across multiple tiered roles: Organization Admin, Training Admin, Physical Access Admin, Electronic Access Admin, TCA Access Admin, and Removable Media Admin.
User authentication is handled by Auth0 with multi-factor authentication (MFA) support. Raptor Comply does not store user passwords directly.
SOC 2 Type II accredited
