Security & Compliance

Enterprise-Ready Architecture. Privacy by Design.

MagicSword was built as a security-first platform from day one. Our architecture minimizes data collection, isolates processing layers, and runs entirely on enterprise-grade certified infrastructure.

Security isn't a feature. It's the foundation.

Federal

NIST SP 800-53

AC-3, SI-7, AC-6, AU-2 control mapping

Industry

CIS Controls v8

Level 2 benchmark alignment

Payment

PCI DSS

Execution control for payment environments

Defense

CMMC

Level 2 and Level 3 alignment

Enterprise

SOC 2 Type II

In progress — infrastructure certified

Privacy

GDPR

Privacy-by-design, zero PII

Australia

Essential Eight

Application control maturity

Our Security Architecture

MagicSword's infrastructure is distributed across purpose-built, security-certified cloud providers.

AWS (US-East)

Core cloud infrastructure

Supabase (AWS-hosted)

Backend & database

Vercel

Frontend hosting

GCP (Cloud Run Jobs)

Isolated intelligence processing

Key Architectural Principle: Threat intelligence enrichment runs independently and has no access to customer data, environments, or credentials. Customer data remains isolated by design.

Security Controls

→Encryption in Transit: TLS 1.2+

→Encryption at Rest: AES-256

→Role-Based Access Control (RBAC)

→Least-Privilege Access

→Secure Authentication & Session Management

→Monitoring & Audit Logging

→Defined Data Retention Policies

→US-East Data Residency

Data Privacy & Handling

What We Collect

→Aggregated application execution telemetry
→Hostnames for asset identification
→Policy configuration settings

What We Do NOT Collect

×No PII
×No credentials or passwords
×No file contents
×No user browsing data
×No network packet captures

Third-Party Risk Management (TPRM)

We regularly complete vendor security reviews for enterprise customers in financial services and government sectors. We can provide:

→Completed security questionnaires
→Architecture diagrams
→Data flow documentation
→Infrastructure provider certifications
→Direct access to our security team

For compliance inquiries: legal@magicsword.io

Prevention-First Security Simplifies Compliance

MagicSword reduces execution risk before it becomes an incident. That directly strengthens SOC 2, NIST, CMMC, PCI DSS, GDPR, and Essential Eight alignment.