Security at Adanas Tech

Last updated: 2026-05-03

Security is foundational to how we build and operate Classoma, Pet Care ERP, and Adanas Build engagements. This page summarises the controls we put in place to protect our customers and their users.

1. Cloud and infrastructure

• Hosting on tier-1 cloud providers (AWS, GCP) with multi-AZ availability.
• Network isolation via private subnets, security groups, and least-privilege IAM.
• Infrastructure as code with peer-reviewed change management.

2. Data protection

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Daily encrypted backups with documented restore procedures.
• Tenant isolation in multi-tenant deployments via row-level security.

3. Access controls

• SSO/MFA enforced on production systems.
• Role-based access for engineers and support staff with audit logging.
• Hardware-backed credentials and quarterly access reviews.

4. Application security

• Secure SDLC with peer-reviewed code, automated dependency scanning, and CI security checks.
• OWASP-aligned protections (input validation, output encoding, anti-CSRF, rate limiting).
• Periodic third-party penetration testing for products handling sensitive data.

5. Monitoring and incident response

• Centralised logging with retention and alerting on anomalies.
• On-call rotation with documented runbooks.
• Customer notification within contractual SLAs in the event of a confirmed incident.

6. Vendor and sub-processor management

We assess vendors before onboarding and contract for appropriate data protection. A current list of sub-processors is available on request.

7. Responsible disclosure

If you believe you have found a security vulnerability, please report it privately to [email protected]. We commit to acknowledging your report promptly and working with you on remediation. Please do not test in ways that could harm users, exfiltrate data, or disrupt service. See /.well-known/security.txt for our machine-readable contact.

8. Compliance posture

We design and operate to be SOC 2 Type II-ready and GDPR-aligned. Specific certifications and reports applicable to your engagement are available under NDA.

9. Contact

General security questions: [email protected].