SECURITY AT PHASIO

The extension of your IT team.

State-of-the-art data centers, encrypted CAD storage, isolated tenants, and a SOC 2 audit behind it all. Security is a constant – this page reflects what we do today and gets updated as we go.

SOC 2 audited · TLS 1.2+ in transit · EU + US data centers · 24/7 monitoring

OUR BACKGROUND

Built with best practices from day one.

The Phasio team has experience working in the Swiss finance industry, the German space industry, and Fortune 500 technology companies – all subject to some of the most comprehensive cybersecurity regulations in the world. We bring that posture to manufacturing software.

  • SOC 2 audited. Independent audit of access controls, encryption, and incident response.
  • AES-256 encryption at rest. Keys held in a hardened Vault environment and cycled on schedule.
  • 0 CAD files sent to AI providers. Geometry never leaves Phasio infrastructure; no third-party AI sees your parts.

01

DATA RESIDENCY

Your data, in the region you choose.

We maintain state-of-the-art data centers in Western Europe and North America. You choose where your tenant lives at onboarding, and we keep production data within that region.

  • Western Europe – GDPR compliant. Primary data center with strict European data protection standards and EU-resident processing.
  • United States – low-latency for North America. Our second region serves customers who require US residency or want a shorter round-trip to the platform.
  • Documented sub-processors. We publish the list of cloud providers and tooling that touch customer data, and notify customers of changes.

EU: primary · US: secondary

02

ENCRYPTION

Encrypted in transit. Encrypted at rest.

Every byte that moves between your shop and Phasio is encrypted with TLS 1.2 or higher. Every CAD file, message, and document is encrypted at rest with AES-256 and keys held in a hardened Vault environment.

  • TLS 1.2+ everywhere. Certificates issued by Let's Encrypt and cycled frequently. Older protocol versions are refused at the edge.
  • AES-256 at rest. Your CAD files and chat messages are encrypted on disk. Only you and your customers can read the contents.
  • Keys in a hardened Vault. Encryption keys are isolated from application infrastructure.

TLS 1.2+ in transit · AES-256 at rest · Vault-managed keys

03

ACCESS CONTROL

Only the people who need to, can.

Our internal access policies ensure that only authorised personnel reach sensitive data, and only when they need to. Development, staging, and production environments are strictly separated.

  • Cloud identity policies. Regional environments each have their own identity boundary – nothing is shared across them.
  • Production access is rare. Only senior engineers under confidentiality clauses and background checks can touch production – every action is logged.
  • Customer-side controls. On your tenant, MFA on admin accounts keeps your own access tight.

Role-based access · MFA · Logged production access

04

AUDITS AND TRAINING

Independently audited. Continuously trained.

SOC 2 covers our access controls, encryption, and incident response today. Inside the team, ongoing training keeps the human side of security current.

  • SOC 2 audited. Independent audit of access controls, encryption, data handling and incident response – reports available under NDA.
  • Phishing and tabletop exercises. Regular simulated phishing campaigns and tabletop incident exercises keep the team sharp.
  • Secure development training. Every engineer completes secure-SDLC training before being granted production access.

SOC 2 · Phishing simulations · Secure SDLC training

BUILT-IN PROTECTIONS

Security features that run on every tenant.

Automated patching

Security updates are applied continuously across our infrastructure, with audit logs to prove it.

Anomaly detection

Unusual traffic surfaces to our on-call engineers automatically.

Comprehensive audit trail

We maintain extensive infrastructure logging for forensic purposes.

Backup and disaster recovery

Daily encrypted backups with regional redundancy and documented recovery procedures.

Controlled access

Our engineers have gated access to the production servers, with access being logged and carefully controlled.

SSO and MFA

SAML / OIDC single sign-on and enforced multi-factor authentication on all administrative accounts.

FREQUENTLY ASKED

Common questions

Is Phasio SOC 2 audited?

Yes – Phasio is SOC 2 audited. We are actively working toward Type-II. Reports are available under NDA on request via your account team.

Where is my data stored?

Production data is stored in our primary data center in Western Europe, which is GDPR compliant. A second North American data center serves customers who require US residency. Customers can request access to our North American servers via chat.

How is my CAD data protected?

CAD files are encrypted at rest with AES-256 and in transit with TLS 1.2+. Encryption keys are held in an isolated Vault environment. Files belonging to one tenant are never visible to another tenant, and they are never sent to third-party AI providers.

Who at Phasio can access my data?

Production access is limited to a small set of senior engineers, each under confidentiality clauses and background-checked. All access is logged. Development, staging, and production environments are strictly separated.

How does Phasio train its team on security?

Every Phasio engineer completes secure-software-development training. The team runs regular phishing simulations, tabletop incident exercises, and refresher courses. New hires complete onboarding before being granted production access.

Can I delete my data?

Yes. You can request deletion at any time. Deletion is performed across primary storage, and retention is subject to our documented retention policy. We provide written confirmation when the request is complete.