Security & Procurement (Trust Center)
Seedili uses layered security controls to protect institutional data and support procurement requirements.
Last updated: 2026-03-09
Tenant Isolation
Row Level Security (RLS) policies and tenant membership scoping enforce the data boundaries between institutions.
Access Control
Role-based access controls (RBAC) gate staff, admin, and platform-level operations.
Encryption
TLS protects data in transit and managed provider controls protect encrypted storage at rest.
Auditability
Centralized audit events support operational review, incident analysis, and compliance workflows.
Abuse Protection
Public form abuse checks use Turnstile and load lazily only when interaction requires verification.
Payments
Stripe checkout and webhook signature verification are used for billing event integrity.
Data protection & privacy
- Seedili applies least-privilege data access and avoids storing secrets in tenant data stores.
- Data collection is purpose-limited to support learning workflows, governance, and operations.
- Administrative exports and audits are logged to support accountable handling of institutional data.
Tenant isolation & authorization
- Tenant-scoped tables are protected with RLS policies tied to tenant memberships.
- Tenant memberships define effective access and are checked before privileged actions.
- Platform admin access is separated from tenant operations and audited in governance flows.
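As an added example that is not Seedili's own schema or code, the following Postgres setup shows how RLS policies tied to a tenant membership table can scope a tenant-owned table, the pattern the Tenant Isolation section and the isolation FAQ describe; the table names, the role names and the `app.user_id` session setting are assumptions.

```sql
-- Added illustration, not Seedili's schema or code: a Postgres RLS setup
-- that ties a tenant-owned table to a tenant_memberships table.
-- Assumption: the app runs each request in a transaction as a non-superuser
-- role (RLS never applies to superusers or BYPASSRLS roles) and sets the
-- caller with: SET LOCAL app.user_id = '<user uuid>'.

CREATE TABLE tenant_memberships (
  tenant_id uuid NOT NULL,
  user_id   uuid NOT NULL,
  role      text NOT NULL CHECK (role IN ('member', 'staff', 'admin')),
  PRIMARY KEY (tenant_id, user_id)
);

CREATE TABLE submissions (
  id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  tenant_id uuid NOT NULL,
  body      text NOT NULL
);

-- Fails closed: an unset or empty app.user_id yields NULL, so EXISTS is false.
CREATE FUNCTION has_tenant_role(t uuid, roles text[]) RETURNS boolean
LANGUAGE sql STABLE AS $$
  SELECT EXISTS (
    SELECT 1 FROM tenant_memberships m
    WHERE m.tenant_id = t
      AND m.user_id = NULLIF(current_setting('app.user_id', true), '')::uuid
      AND m.role = ANY (roles)
  );
$$;

ALTER TABLE submissions ENABLE ROW LEVEL SECURITY;
ALTER TABLE submissions FORCE ROW LEVEL SECURITY;   -- also binds the table owner
CREATE POLICY submissions_select ON submissions FOR SELECT
  USING (has_tenant_role(tenant_id, ARRAY['member', 'staff', 'admin']));
-- WITH CHECK rejects inserts/updates that would place a row in another tenant.
CREATE POLICY submissions_insert ON submissions FOR INSERT
  WITH CHECK (has_tenant_role(tenant_id, ARRAY['staff', 'admin']));

CREATE POLICY submissions_update ON submissions FOR UPDATE
  USING (has_tenant_role(tenant_id, ARRAY['staff', 'admin']))
  WITH CHECK (has_tenant_role(tenant_id, ARRAY['staff', 'admin']));

CREATE POLICY submissions_delete ON submissions FOR DELETE
  USING (has_tenant_role(tenant_id, ARRAY['admin']));
-- Per-request pattern (constructed uuid): only the caller's tenants are visible.
BEGIN;
SET LOCAL app.user_id = '00000000-0000-0000-0000-000000000001';
SELECT id, tenant_id, body FROM submissions;
COMMIT;
```

Because the policies are evaluated inside the database, a query that omits a `WHERE tenant_id = ...` clause still returns only rows from tenants the caller belongs to, which is the property a procurement reviewer will want to see tested.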
Authentication & SSO
- Authentication supports OAuth, email/password, and magic link login flows.
- SSO is supported where institution configuration and onboarding requirements are met.
- Multi-factor controls can be enabled for additional assurance in sensitive access paths.
Infrastructure & operational security
- Managed infrastructure services are used to reduce operational drift and patching risk.
- Environment-level configuration separates development, preview, and production contexts.
- Operational runbooks prioritize safe defaults and gradual rollout for sensitive changes.
Backup & Recovery
- Seedili uses managed data platform durability controls and backup capabilities to support continuity planning.
- Recovery Point Objective (RPO): Seedili targets restoring to a recent recovery point, with timing dependent on provider backup/PITR settings.
- Recovery Time Objective (RTO): Seedili targets service restoration through an internal runbook and staged recovery process, based on incident scope.
- Restore process: recovery follows an internal procedure, and restoration operations are limited to authorized platform administrators.
- Evidence is available on request, including relevant operation logs and provider configuration screenshots.
Payments & billing security
- Payment processing uses Stripe-hosted checkout and managed payment methods.
- Webhook handlers validate signatures before billing state changes are accepted.
- Billing routes avoid exposing secret values in client responses or logs.
Monitoring & incident response
- Security-relevant events are captured in unified audit streams for investigation.
- Operational diagnostics support alerting and triage workflows across major surfaces.
- Incident handling prioritizes containment, tenant impact assessment, and documented follow-up.
Incident Response & Support
- Monitoring & detection: centralized logs and alerting are used to investigate security events.
- Triage & escalation: severity-based triage is applied, with escalation to platform administrators.
- Customer notification: Seedili notifies affected institutional customers within a reasonable timeframe based on severity and available facts.
- Support channels: email-based support is available, with prioritized handling for institutional tenants.
- Post-incident review: internal retrospectives are run and corrective actions are tracked.
- Vulnerability reporting: contact security@seedili.com with responsible disclosure details so reports can be validated and triaged safely.
Secure development lifecycle (SDLC)
- Release checks include build validation, smoke testing, and targeted quality gates.
- Changes affecting authorization, billing, and policy surfaces are reviewed with defense-in-depth controls.
- Production safety favors additive changes and explicit rollback paths.
Procurement pack
Request trust and procurement documents for institutional review and vendor due diligence.
SOC 2 alignment
This mapping shows how Seedili controls align to SOC 2 common criteria references. It is an alignment aid and not a certification claim.
FAQ
Do you claim absolute security?
No. Seedili uses layered controls and continuous improvement practices, but no internet system can guarantee absolute security.
How do you isolate institutions from each other?
Tenant-scoped authorization and RLS policies enforce data boundaries between institutions.
Can we request procurement documentation?
Yes. Use the procurement CTA below and our team will provide a trust/procurement pack.
How are billing events validated?
Stripe webhooks are checked with signature verification before billing state transitions are accepted.
Do you maintain audit trails for admin actions?
Yes. Administrative and policy-relevant actions are captured in centralized audit feeds.
What is protected on public forms?
Public submission endpoints use bot-abuse protections and rate limiting, with lazy-loaded challenge checks.