SilaCities/Security
security@silacities.com
Security

Built for government data. Secure by default.

Urban intelligence only works if the data behind it is protected. Here is how we secure deployments, how we handle incidents, and how to reach us if you find something we should fix.

PLATE I · Fig. 01. Per-deployment access controls — every layer scoped to the team that can see it. Source: GUS / Map View.

01 · Isolation · Strict · One deployment, one dataset
02 · Encryption · Default · TLS 1.2+ and AES-256 at rest
03 · Access · Least-privilege · Role-based, audited
04 · Response · 24h · Acknowledgement on disclosure
01 · Security pillars

Six commitments that shape every deployment.

Defaults that apply from the first session to the last.

01

Strict deployment isolation

Every client has its own isolated deployment. No shared databases, no cross-client queries, no leakage surface between deployments. Ever.

No crossover
02

Encryption by default

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Managed keys per deployment. No plaintext at rest, anywhere.

In transit and at rest
03

Least-privilege access

Role-based access controls that follow the principle of least privilege. Production access is audited. Internal access requires justification and is logged.

Audited
04

Signed exports

Every exported file (PDF, Word, PowerPoint, map export) goes through a short-lived, signed download link. No public URLs, no permanent share links by default.

Short-lived links
05

Continuous monitoring

Infrastructure and application monitoring, anomaly detection, and 24/7 alerting. Incident response procedures tested quarterly.

24/7
06

Secure development

Code review on every change, automated security scanning, dependency auditing, and penetration testing at major releases.

At every release
PLATE II · Fig. 02. Data Management upload — every dataset tagged and scoped per deployment. Source: GUS / Data Management.

02 · Regulatory alignment

Where we align, and where we are heading.

We publish an honest status of each framework. Aligned, on roadmap, or addressed per-engagement.

GDPR · Aligned · EU General Data Protection Regulation. DPA available on request.
UAE PDPL · Aligned · UAE Personal Data Protection Law. We operate under UAE jurisdiction.
SOC 2 · ISO 27001 · On roadmap · Formal certification is tracked on our compliance roadmap. Review on request under NDA.
Regional frameworks · On request · Gulf, Levant and North Africa regulatory requirements addressed per engagement.

03 · Coordinated disclosure

Found a vulnerability? Here is how to tell us.

We operate a coordinated-disclosure policy. No legal action against good-faith security researchers.

01

Report a vulnerability

Email security@silacities.com with a description and reproduction steps. We acknowledge within 24 hours and keep you updated until resolution. Do not publicly disclose before coordinated resolution.

02

Triage and resolution

We triage, validate and prioritise based on impact. Critical issues are patched in days. You get a timeline within one business day of acknowledgement.

03

Coordinated disclosure

Once patched, we agree a joint disclosure timeline. We credit the reporter unless you request anonymity. No legal action against good-faith security researchers.

04 · Formal review

In procurement? We’ll share more.

For formal procurement, audit or regulatory review we share our full security documentation. Architecture diagrams, security questionnaire responses, incident-response procedures, sub-processor list. Under NDA.

Direct line · Security

Contact security

Vulnerability disclosure, procurement, or audit review.

Security: security@silacities.com
DPO: dpo@silacities.com
Acknowledgement: 24 hours
HQ: Dubai, UAE