Effective May 2026
Security
How we protect client code, content, infrastructure, and customer data.
01
Posture
WebLogic operates a SOC 2-aligned program, with annual third-party review of access management, change management, and incident response. Reports are available under NDA.
We follow OWASP ASVS Level 2 for engineered surfaces and CIS Benchmarks for the infrastructure we operate on behalf of clients.
02
Access controls
All staff use SSO with FIDO2 hardware keys. No service account is shared. Production access is just-in-time and audit-logged.
Code review is mandatory; signed commits are required on all release branches.
03
Infrastructure
Default stack: Vercel + Cloudflare + managed databases (Supabase, Neon, or client-owned). All HTTP traffic is TLS 1.3 with HSTS. Edge regions are isolated per client when required.
Real-user monitoring (RUM) and synthetic monitoring run on every production surface via Datadog.
04
Incident response
We follow a documented IR playbook with a 15-minute initial-acknowledgement SLA for high-severity incidents during business hours and a 60-minute SLA off-hours.
Clients on Always-On retainers receive root-cause analysis within 5 business days of any production incident.
05
Reporting a vulnerability
Send disclosures to support@weblogic.digital. We acknowledge within 24 hours and provide a timeline within 5 business days.
We thank coordinated disclosers publicly with consent.
Questions about this policy?
Email caleb@weblogic.digital — we respond within five business days.
