The security of your data is a top priority. We understand the sensitive nature of the information you entrust to us and are committed to maintaining a secure platform.

This document outlines the multi-layered security measures we have in place, from the handling of your data to the protection of our systems.

Understanding our security approach

Slant’s security philosophy is built on a foundation of industry best practices, robust technologies, and a proactive approach to identifying and mitigating risks. We continuously evaluate and enhance our security posture to address evolving threats.

Key security features

AI security & PII protection

We leverage Artificial Intelligence to enhance our services, doing so responsibly with a strong focus on protecting Personally Identifiable Information (PII).

Intelligent PII detection & handling

  • Automated detection: Our proprietary technology automatically scans text to identify PII using patterns, entity lists, and machine learning models.
  • Redaction: Sensitive data is irreversibly replaced with redaction characters (e.g., ) before it is sent to the LLM.
  • Pseudonymization: Data is tokenized (e.g., NAME:aBcDeFg123) for AI processing. Original data is accessible only under audited, controlled conditions.

Obfuscation of sensitive vault data

  • Partial display (e.g., last four digits of SSNs) is used to minimize exposure of highly sensitive data.

PII proxy for added protection

  • A PiiProxy mechanism automatically redacts or pseudonymizes data before it is accessed or displayed in the application.
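As an added illustration of the detection, redaction, pseudonymization and partial-display steps described above (example code written for this page, not Slant's proprietary PiiProxy or detection technology): the class below detects PII with regular-expression patterns only, whereas the page also mentions entity lists and machine learning models; the redaction character, the token length and the audited reveal path are assumptions.

```ruby
require 'securerandom'

# Illustrative PII handler (constructed for this page; not Slant's PiiProxy).
# Detection is regex-only here; entity lists and ML models are omitted.
class PiiHandler
  PATTERNS = {
    'SSN'   => /\b\d{3}-\d{2}-\d{4}\b/,
    'EMAIL' => /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/,
    'PHONE' => /\b\d{3}-\d{3}-\d{4}\b/
  }.freeze

  REDACTION_CHAR = '*' # assumed; the page does not show its own character

  def initialize
    @vault = {}   # token => original value; the only path back to the original
    @reverse = {} # original value => token, so repeated values share one token
  end

  # Irreversible: every match becomes redaction characters of the same length,
  # so nothing about the original value survives in the text sent onward.
  def redact(text)
    PATTERNS.values.reduce(text) do |out, re|
      out.gsub(re) { |m| REDACTION_CHAR * m.length }
    end
  end

  # Reversible only through the vault: each value becomes TYPE:token, and the
  # same value always maps to the same token so the model can still correlate.
  def pseudonymize(text)
    PATTERNS.reduce(text) do |out, (type, re)|
      out.gsub(re) { |m| token_for(type, m) }
    end
  end

  # Controlled access back to the original: every reveal is written to the
  # audit log. A real deployment would also authenticate and authorize `actor`.
  def reveal(token, actor:, audit_log:)
    audit_log << "#{actor} revealed #{token}"
    @vault.fetch(token)
  end

  # Partial display for vault data: only the last four digits are shown.
  def self.mask_ssn(value)
    digits = value.delete('^0-9')
    "***-**-#{digits[-4, 4]}"
  end

  private

  def token_for(type, value)
    @reverse[value] ||= begin
      token = "#{type}:#{SecureRandom.alphanumeric(10)}" # assumed token format
      @vault[token] = value
      token
    end
  end
end
```

Redaction and pseudonymization deliberately differ in one property: the redacted text cannot be reversed by anyone, while the pseudonymized text can be reversed only by code that holds the vault, and that path records who asked.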

Data encryption

Slant protects data at rest and in transit using strong encryption.

Encryption at rest

  • Sensitive database contents are encrypted, including:
    • Original unmasked PII
    • Vault-stored items like SSNs and financial data
    • Sensitive uploaded files
    • Life event dates
  • Technology: Rails’ Active Record encryption.
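An added, runnable illustration of the at-rest pattern, written in plain Ruby with OpenSSL for this page. It is not Rails' Active Record Encryption (which is declared per attribute with encrypts in the model and manages keys and storage for you), but it uses the same primitive, AES-256-GCM, and shows the two properties that matter for stored PII: a fresh random IV per value, so identical values do not produce identical ciphertext, and an authentication tag, so an altered envelope or a wrong key fails closed instead of decrypting to garbage. The JSON envelope format is an assumption.

```ruby
require 'openssl'
require 'securerandom'
require 'json'

# Illustrative column encryption for data at rest (constructed for this page;
# not Rails' Active Record Encryption). Same primitive: AES-256-GCM with a
# random IV per value and an authentication tag checked on decrypt.
class ColumnEncryptor
  CIPHER = 'aes-256-gcm'

  def initialize(key)
    raise ArgumentError, 'key must be 32 bytes' unless key.bytesize == 32
    @key = key
  end

  # Returns a JSON envelope with hex-encoded IV, ciphertext and tag; this is
  # what would sit in the database column instead of the plaintext.
  def encrypt(plaintext)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = @key
    iv = cipher.random_iv          # 12 random bytes; never reused under one key
    body = plaintext.empty? ? ''.b : cipher.update(plaintext)
    ciphertext = body + cipher.final
    { 'iv' => hex(iv), 'ct' => hex(ciphertext), 'tag' => hex(cipher.auth_tag) }.to_json
  end

  # Returns the plaintext; raises OpenSSL::Cipher::CipherError if the key is
  # wrong or any byte of the envelope was altered (tag check happens in final).
  def decrypt(envelope)
    parts = JSON.parse(envelope)
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = @key
    cipher.iv = unhex(parts['iv'])
    cipher.auth_tag = unhex(parts['tag'])
    ct = unhex(parts['ct'])
    body = ct.empty? ? ''.b : cipher.update(ct)
    body + cipher.final
  end

  # True only when the envelope still authenticates under this key.
  def intact?(envelope)
    decrypt(envelope)
    true
  rescue OpenSSL::Cipher::CipherError
    false
  end

  private

  def hex(bytes)
    bytes.unpack1('H*')
  end

  def unhex(str)
    [str].pack('H*')
  end
end
```

The check a reviewer wants from any at-rest scheme is the third one in the test: a single flipped ciphertext byte must be rejected outright, which is what distinguishes authenticated encryption from plain AES-CBC.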

Encryption in transit

  • HTTPS/TLS everywhere: All platform communication is encrypted via TLS.

Secure credentials management

  • Configuration credentials are encrypted using Rails’ encrypted credentials system.

Application and infrastructure security

Authentication

  • Clerk is used for secure user identity management.
  • OAuth 2.0 is used for safe third-party integrations.

Authorization & access control

  • Pundit for enforcing access policies.
  • Custom permissions system for role- and resource-specific access control.
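As an added example of role- and resource-specific access control in the shape Pundit expects (a plain Ruby policy class with initialize(user, record), action predicates and a nested Scope); this is written for this page, not Slant's own policies, and Pundit itself is not loaded, so the controller-side authorize call is omitted. The User and VaultItem structs and the rules themselves (admins can list and view but not reveal unmasked values; only owners and explicitly shared-with users can view an item) are assumptions.

```ruby
# Constructed stand-ins for the application's models.
User = Struct.new(:id, :role, keyword_init: true)
VaultItem = Struct.new(:id, :owner_id, :shared_with, keyword_init: true)

# Illustrative Pundit-style policy (constructed for this page). Pundit calls
# VaultItemPolicy.new(current_user, item).show? when a controller authorizes.
class VaultItemPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Role-specific (admin) OR resource-specific (owner / shared-with) check.
  def show?
    user.role == :admin || owner? || record.shared_with.include?(user.id)
  end

  # Assumed rule: unmasked vault values are shown to the owner only; every
  # other viewer gets the partial display described on the page.
  def reveal_unmasked?
    owner?
  end

  def update?
    owner?
  end

  def destroy?
    owner? || user.role == :admin
  end

  # Scope: which items a listing may include for this user. Pundit calls
  # VaultItemPolicy::Scope.new(user, relation).resolve; an Array stands in
  # for the ActiveRecord relation here.
  class Scope
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      return @scope if @user.role == :admin
      @scope.select { |item| item.owner_id == @user.id || item.shared_with.include?(@user.id) }
    end
  end

  private

  def owner?
    record.owner_id == user.id
  end
end
```

Keeping the per-record predicate and the listing Scope in one class is what prevents the usual drift where a user can see an item in a list but not open it, or the reverse.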

Webhook security

  • HMAC-SHA256 signature verification to validate incoming data.

Secure development & operational practices

  • Sidekiq dashboard: Basic Auth secured.
  • Host authorization: DNS rebinding protection.
  • Log filtering: Sensitive values excluded from logs.
  • Timing attack protection: Constant-time comparisons for cryptographic checks.
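The webhook signature check above and the constant-time comparison from the last bullet fit together, so here is one added example covering both (constructed for this page, not Slant's own code): the sender computes HMAC-SHA256 over the raw request body with a shared secret and sends the hex digest in a header; the receiver recomputes it over the same raw bytes and compares in constant time. The header name and the optional sha256= prefix are assumptions.

```ruby
require 'openssl'

# Illustrative webhook verifier (constructed for this page).
module WebhookVerifier
  SIGNATURE_HEADER = 'X-Signature-256' # assumed header name

  # Sender side: HMAC-SHA256 over the raw body bytes, hex encoded.
  def self.sign(secret, body)
    OpenSSL::HMAC.hexdigest('SHA256', secret, body)
  end

  # Constant-time equality: a plain == returns at the first differing byte, so
  # its timing leaks how many leading bytes of a guessed signature were right.
  # Lengths are compared first; the digest length is fixed, so that leaks nothing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    if OpenSSL.respond_to?(:fixed_length_secure_compare)
      OpenSSL.fixed_length_secure_compare(a, b)
    else
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
    end
  end

  # Receiver side. `body` must be the raw request body as received, not a
  # re-serialized parse of it, or the digests will differ.
  def self.valid?(secret, body, headers)
    presented = headers[SIGNATURE_HEADER].to_s.sub(/\Asha256=/, '')
    return false if presented.empty?
    secure_compare(presented, sign(secret, body))
  end
end
```

Rejecting a missing header before computing anything is deliberate: an absent signature is the most common failure and should never be treated as "nothing to compare, so valid".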

SOC 2 compliance

Slant is committed to meeting high standards for security and data protection. Our platform is built to align with SOC 2 trust service criteria.

SOC 2 status

For current SOC 2 status, visit our Trust Center.

Our ongoing commitment

Security is not a one-time setup; it’s an ongoing commitment. Slant continually monitors, evaluates, and improves our security to stay ahead of evolving threats.

For questions or to report a vulnerability, please contact our support team at support@slant.app.