Security at Navixy

    Effective: September 19, 2024Last updated: May 20, 2025

    At Navixy, we take a proactive and robust approach to information security, designed to meet the high standards required by enterprises, telematics service providers, and government organizations. Our security practices focus on protecting sensitive data, ensuring compliance with global standards, and providing our clients with transparent and customizable security controls.

    SOC 2 Type II audit

    Navixy has completed a SOC 2 Type II audit, demonstrating our commitment to maintaining strong security controls and protecting customer data.

    The audit was performed by an independent third-party auditor against the AICPA Trust Services Criteria. A SOC 2 Type II report evaluates not only the design of security controls, but also their operating effectiveness over a period of time.

    The SOC 2 Type II report is available to customers and qualified prospects upon request under NDA. You can learn more about our security posture at our Trust Center.

    Data protection and encryption

    We employ industry-leading encryption standards to safeguard data at all stages:

    • Data in Transit: We utilize TLS (Transport Layer Security) for all data transmissions.
    • Data at Rest: All stored data is protected using AES-256 encryption.
    • Region-specific Encryption Keys: We use region-specific encryption keys to ensure compliance with local regulations.

    Our encryption practices are continuously monitored and updated to align with the latest security protocols and best practices.

    Access control and authentication

    We implement a multi-layered approach to access control:

    1. Role-based Access Control (RBAC)
    2. Two-factor Authentication (2FA)
    3. Account Lockout Mechanisms
    4. Strong Password Policies

    For more details on each of these measures, please see our full security documentation.

    Data input validation and sanitization

    We implement comprehensive input validation and sanitization techniques across all user-facing forms and API endpoints, including:

    • Cross-site Scripting (XSS) Prevention
    • Injection Attack Mitigation

    File upload security

    Our file upload system includes:

    • File extension and content validation
    • Input filtering for uploaded files

    Security monitoring and auditing

    Our security monitoring process includes:

    • Continuous security event logging and monitoring
    • Regular Internal and External Security Audits
    • SOC 2 Type II audit completed, with the report available to customers and qualified prospects upon request

    Compliance with global data protection regulations

    Navixy is fully compliant with major global data protection standards, including GDPR and CCPA. For more information, please see our Compliance documentation.

    High availability and redundancy

    Our infrastructure is built for high availability and redundancy, including:

    • Multiple Data Centers in Each Region
    • Regular Data Backups and Comprehensive Disaster Recovery Plans

    Transparency and client control

    We provide full transparency and control over security settings, including:

    • Customizable Security Configurations
    • Real-time Status Page for System Performance and Security Incidents

    Ongoing security improvements

    We continuously evolve our security practices to stay ahead of emerging threats:

    • Proactive Threat Management
    • Regular Security Updates and Patches

    For security-related inquiries or to report a security issue, contact our security team at [email protected]

    Last updated: May 20, 2025