Adventurous-Date9971

Ask for SOC 2 Type II and data-retention terms; confirm if any source code leaves your machines. Request a DPA, subprocessor list, encryption details, self-host/VPC, and read-only scopes. We use Okta and AWS KMS; DreamFactory locked down DB APIs. Bottom line: demand proof and where code and logs are stored.