We hold ourselves to the controls we sell.
A GRC vendor that doesn't eat its own dogfood isn't trustworthy. tecsxpert runs on tecsxpert — and every certification, sub- processor and live finding lives here.
What we hold.
The shape of our program.
Security
Defense in depth. SSO, MFA, just-in-time access, network segmentation, dedicated infra per customer tier, continuous vulnerability scanning of our own stack.
Privacy
Privacy by design. Minimization, role-based access, regional data residency, DPA, sub-processor transparency, breach notification SLA.
Infrastructure
Multi-AZ in Mumbai, Frankfurt, US-East. Private VPC option, customer-managed keys, hardware-security-module backed crypto for Enterprise tier.
Access control
SAML / OIDC SSO, SCIM provisioning, fine-grained RBAC, time-bound elevation, full audit log of every action.
Resilience
99.99% uptime SLA on Enterprise. RPO < 5 min, RTO < 30 min. Quarterly DR exercises. Live status page.
Transparency
Sub-processor list public. Material changes notified 30 days ahead. SOC 2 report under NDA. Penetration test summary available.
Sub-processor list
Always public. 30-day notice on changes. Subscribe to receive change notifications by email.
Request accessDPA & SCCs
Pre-signed Data Processing Agreement and Standard Contractual Clauses available before signature.
Request accessStatus & incident log
Live status page. Public post-mortems within 7 days of any P0/P1 incident.
Request accessTalk to our security team.
Custom security review, SOC 2 report under NDA, or a deep-dive into our own controls — happy to do it.