Enterprise-grade security, Americas-native compliance.
SOC 2 Type II certified, hosted on Microsoft Azure, bilingual EN/ES security operations. Built for the compliance requirements of enterprise buyers in Latin America.
Secure by default
All data encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication uses short-lived JWT tokens. No plaintext secrets in transit or storage.
Access controls
Role-based access control per workspace. SSO via SAML 2.0 and Azure AD on Enterprise plans. Multi-tenant isolation with row-level tenant scoping on all data.
Monitoring and audit
All API actions are logged with actor, timestamp, and resource ID. Audit logs are available to Enterprise plan admins. Azure Monitor is used for infrastructure alerts.
Compliance verified
SOC 2 Type II attestation maintained on an annual cycle. Supporting documentation available to Enterprise customers under NDA on request.
Data security
All customer data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Backups are encrypted and stored in geographically separate Azure regions. Access to production data is limited to a small set of authenticated engineers and is logged.
Demo content (captured HTML/CSS frames, annotations, and analytics) is stored in Azure SQL with row-level tenant isolation. No customer workspace data is accessible to other tenants.
Infrastructure
NavTour is hosted on Microsoft Azure in the East US and Brazil South regions. We use Azure App Service, Azure SQL, Azure Blob Storage, and Azure CDN. Uptime is monitored with a 99.9% SLA target.
Deployments are automated through GitHub Actions with required pull request review. Infrastructure changes go through a change management process with rollback procedures.
Compliance
NavTour maintains SOC 2 Type II attestation covering Security, Availability, and Confidentiality trust service categories. The audit is conducted annually by an independent third-party auditor.
Enterprise customers can request a copy of the SOC 2 report under NDA. Contact enterprise@navtour.cloud to request the report.
Privacy and AI
NavTour does not sell customer or visitor data to third parties. For AI features powered by Anthropic Claude, demo content is sent to Claude only for in-session inference. Your workspace content is never used to train AI models. All AI prompts and outputs are deleted after 30 days.
See our Privacy Policy for full details on data collection, retention, and your rights as a data subject.
Responsible disclosure
If you discover a security vulnerability in NavTour, please report it to security@navtour.cloud. We ask that you give us reasonable time to investigate and address the issue before public disclosure.
We will acknowledge reports within 2 business days, provide regular status updates, and credit reporters in our security acknowledgements where appropriate. We do not pursue legal action against researchers acting in good faith.
Enterprise security that passes procurement review.
SOC 2 Type II report available under NDA. SSO, data residency, and custom DPA available on Enterprise plans.
Need SSO, data residency, or a custom MSA?
Our enterprise team works with P4 Software, Barrdega, and 40+ customers across 32 countries. We’ll scope a pilot that fits your compliance needs.