LEGAL & COMPLIANCE

Security & Compliance

Effective Date: January 2026

At SFL Tech, security is foundational to how we design, implement, and support digital supply chain systems. We operate in environments where operational continuity, system integrity, and data confidentiality are business-critical. Our security and compliance framework is designed to meet enterprise expectations and global regulatory requirements.

1. Our Security Philosophy

Security at SFL Tech is guided by three core principles:

  • Confidentiality - Data is accessible only to authorized individuals.
  • Integrity - Systems and data remain accurate, consistent, and protected from unauthorized modification.
  • Availability - Services remain resilient, stable, and operational.

We implement layered controls across infrastructure, applications, processes, and people.

2. Infrastructure & Cloud Security

Depending on client configuration, our services may be deployed within:

  • Secure cloud infrastructure environments
  • Customer-hosted environments
  • Hybrid configurations

Security controls include:

  • Encrypted data transmission (TLS 1.2 or higher)
  • Network segmentation
  • Role-based access control (RBAC)
  • Secure authentication mechanisms
  • Logging and monitoring of administrative access
  • Backup and disaster recovery processes

Where third-party infrastructure providers are used, we engage reputable vendors that maintain internationally recognized security certifications (e.g., ISO 27001, SOC 2 where applicable).

3. Access Control & Identity Management

Access to systems and customer environments is governed by:

  • Least-privilege access principles
  • Role-based permissions
  • Multi-factor authentication (where applicable)
  • Controlled administrative access
  • Periodic access reviews

Only authorized personnel with a legitimate business need are granted access.

4. Application Security

We apply secure development and configuration practices across:

  • System implementation
  • Data integrations
  • Automation workflows
  • Managed service operations

Controls include:

  • Secure configuration standards
  • Change management procedures
  • Environment segregation (where applicable)
  • Monitoring of system activity and anomalies

We work closely with clients' IT and InfoSec teams to align with their internal governance frameworks.

5. Data Protection & Privacy Compliance

SFL Tech is committed to compliance with applicable data protection regulations, including:

  • General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA)
  • California Privacy Rights Act (CPRA)

We operate under defined Controller-Processor responsibilities where applicable and provide:

  • Data Processing Addendums (DPA)
  • Sub-Processor transparency
  • Data subject rights assistance
  • Breach notification procedures

We do not sell personal data.

6. Incident Response & Business Continuity

SFL Tech maintains procedures to:

  • Detect and respond to security incidents
  • Escalate and contain potential threats
  • Notify affected customers without undue delay
  • Cooperate with regulatory obligations where required

Business continuity measures include:

  • Regular backups
  • Disaster recovery planning
  • Operational continuity planning

Our objective is to minimize downtime and mitigate risk exposure.

7. Vendor & Sub-Processor Risk Management

We conduct due diligence before engaging third-party providers. Our vendor evaluation considers:

  • Security posture
  • Regulatory compliance
  • Data processing safeguards
  • Contractual confidentiality commitments

All Sub-Processors are bound by data protection obligations aligned with our DPA. For additional information, please refer to our Sub-Processor List.

8. Organizational Security

Security is not only technical - it is operational. We implement:

  • Confidentiality agreements for personnel
  • Access governance policies
  • Internal data handling procedures
  • Secure device and endpoint practices
  • Defined escalation channels

Personnel access is revoked promptly upon role change or termination.

9. International Data Transfers

Where personal data is transferred across borders, SFL Tech ensures:

  • Standard Contractual Clauses (SCCs) or equivalent safeguards
  • Compliance with GDPR Chapter V
  • Appropriate contractual protections

10. Customer Collaboration

We recognize that security is a shared responsibility. SFL Tech works collaboratively with:

  • CIOs and IT departments
  • Compliance teams
  • Security auditors
  • Enterprise procurement

We provide documentation, assist in security questionnaires, and support client risk assessments.

11. Compliance Documentation

Upon request, SFL Tech can provide:

  • Data Processing Addendum (DPA)
  • Sub-Processor disclosures
  • Privacy Policy
  • Security overview documentation

Please contact: connectwithus@sfltech.ai

12. Continuous Improvement

Security threats evolve. So do we. We continuously review and improve:

  • Access controls
  • Monitoring mechanisms
  • Risk management procedures
  • Regulatory compliance alignment

Our goal is operational resilience and long-term trust.