Skip to content
EN | ES
Sign In Start Free →

Security

Enterprise-grade security you can trust

NavTour is built on industry-leading security practices. Your data is protected at every layer.

SOC 2 Compliant
99.9% Uptime SLA
AES-256 Encryption
GDPR Ready
Azure Hosted

Data Security

Your data is encrypted at rest (AES-256) and in transit (TLS 1.3). We implement strict access controls, regular key rotation, and comprehensive audit logging. Demo content is isolated per tenant with row-level security.

Every database query is scoped to your tenant. There is no mechanism to access another organization's data, even in error. Encryption keys are managed via Azure Key Vault with automated rotation policies.

Infrastructure

NavTour runs on Microsoft Azure with multi-region redundancy. Automated backups, disaster recovery, and 99.9% uptime SLA. Infrastructure is managed via code with automated security scanning on every deployment.

We use Azure App Service, Azure SQL, and Azure Blob Storage with geo-redundant replication. Every deployment passes through automated SAST and dependency vulnerability scans before reaching production.

Compliance

NavTour is SOC 2 Type II compliant. We undergo annual third-party audits covering security, availability, and confidentiality. We also comply with GDPR, CCPA, and maintain a current Data Processing Agreement (DPA).

Our SOC 2 report is available under NDA for enterprise customers evaluating NavTour. Contact our team to request a copy along with our completed security questionnaire.

Privacy

We collect only what's necessary. Demo viewer data is anonymized by default. You control data retention policies. We never sell customer data. Full GDPR data subject rights supported: access, deletion, portability.

NavTour does not use customer data for model training or any purpose beyond delivering the service. When you delete your account, all associated data is permanently purged within 30 days.

Responsible Disclosure

We maintain a responsible disclosure program for security researchers. If you discover a vulnerability, please email security@navtour.com. We respond within 24 hours and never pursue legal action against good-faith reporters.

We appreciate the security research community and are committed to working with researchers to verify, reproduce, and respond to legitimate reports. Critical issues are triaged immediately.

Questions about security?

Our team is happy to discuss security practices, share our SOC 2 report, or review your compliance requirements.

Contact Security Team