Protection is engineered into the database platform, not bolted on. A zero-trust foundation with per-tenant WASM isolation, encryption at rest and in transit, SCRAM-SHA-256 authentication, tenant isolation, and audit logging — so teams can build the next generation of data infrastructure on solid ground.
Isolation, encryption, and authentication are part of how the platform runs — not features added on top. Here is the security model Silos is built on.
From the WASM runtime to the replication fabric, protection is engineered in — not added after the fact.
Every database runs inside its own WebAssembly sandbox with no shared memory or runtime between tenants — a strong isolation boundary that keeps each customer's workload contained.
Data is encrypted at rest with AES-256-GCM and in transit with TLS 1.3. Snapshots and WAL segments are encrypted before they leave the primary region.
Database connections authenticate over the standard PostgreSQL SCRAM-SHA-256 challenge-response mechanism, so credentials are never sent in the clear.
Connections, queries, and administrative actions can be recorded to an append-only audit trail, giving teams a record of activity across their databases.
Storage is scoped per database in the virtual file system, so each tenant's files stay separated from every other tenant on the platform.
Restrict connections to known networks with IP allowlists, and use PostgreSQL row-level security to scope access down to individual rows.
Strong defaults, regional control, and a privacy-first approach to how your data is stored and handled.
We aim to collect only the data needed to run the service. Access to customer database contents by Silos staff is restricted and logged.
Choose which regions hold your data. Pinning storage and replication to specific regions helps teams meet data-residency requirements.
Encryption, per-tenant isolation, and authentication are on by default — security does not depend on extra configuration to be in effect.
We want to be straight with you: Silos does not hold any security or privacy certifications yet. The items below are goals we are actively working toward — not claims of current status.
Silos is pre-certification. We are working toward SOC 2 Type II and HIPAA, but we are not yet certified or compliant with any of these frameworks. We will update this page as that changes.
We are building toward SOC 2 Type II, formalizing the security controls and evidence we will need before pursuing certification. Not yet certified.
We intend to support workloads with HIPAA requirements as the platform matures. We are not HIPAA compliant today.
We are working toward GDPR alignment and stronger data-residency controls. These are in progress, not yet completed.
How we protect your data, ensure compliance, and maintain security across the database platform.
Silos encrypts data at rest using AES-256-GCM and in transit using TLS 1.3. A zero-trust model authenticates and authorizes requests, with database connections authenticated via SCRAM-SHA-256. Each database runs inside its own per-tenant WASM sandbox with no shared memory or runtime between tenants.
Not yet. Silos does not currently hold SOC 2, HIPAA, ISO 27001, or any other security or privacy certification. We are working toward SOC 2 Type II and HIPAA — see our compliance roadmap above. We would rather be upfront about this than imply certifications we do not have.
We aim to collect only the data needed to run the service. Access to customer database contents by Silos staff is restricted and logged. We take a privacy-first approach and are working toward stronger formal privacy controls as the platform matures.
Silos lets you choose which regions hold your data, so you can pin storage and replication to specific regions. This helps teams address data-residency requirements, though it is not a substitute for a formal compliance certification.
Silos applies defense in depth: per-tenant WASM isolation, encryption at rest and in transit, SCRAM-SHA-256 authentication, tenant isolation in the storage layer, IP allowlisting, PostgreSQL row-level security, and audit logging. To report a security issue, please use our vulnerability disclosure contact.
Our team is here to help — talk through your security requirements, ask about our compliance roadmap, or report a vulnerability.