Security

Sleep through the night. Your infrastructure won't wake you at 3 AM.

Each client runs on its own dedicated VPS. Nobody shares keys, secrets never travel in plaintext, and every action is audited. Security is built in, at every layer of the design.

Principles

How we protect your infrastructure

1 dedicated VPS per client

Your panel and your data live on an isolated instance, separate from any other client. No neighbors.

AES-256 encrypted backups

Every backup is encrypted before it leaves the server. Multi-cloud, with tested restore and approvals for production.

Protected secrets

Keys, tokens and passwords never appear in plaintext in logs, nor are they exposed to the AI assistant.

4-level roles

Role-based permissions: user, manager, admin and portal. Everyone does only what they should.

Per-organization isolation

Database-level rules separate each organization's data. One client never sees another's.

Full auditing

Every operation is logged with its live output, and SSH commands are logged separately for traceability.

Always-valid SSL

Let's Encrypt certificates with automatic renewal. No certs dying at 3 AM.

Private VPN network

Monitoring and server access travel over a private Headscale/WireGuard mesh, not the open internet.

AI with human confirmation

The assistant only runs actions from a narrow allowlist, always with your confirmation. It never touches the system on its own.

Before every change

An operational safety net

Operations that can break something don't run blindly. There are layers that cover you.

Automatic pre-backup

Before a restore, deploy, update or migration, Steer takes an automatic backup of the current state.

Approved restores

Restores onto production require an administrator's approval.

Guards on risky operations

Dangerous operations (destructive SQL, for instance) are detected and blocked based on the environment.

Data and compliance

Your data, with clear rules

We operate on the principle of least privilege and per-client isolation: one organization per panel, separated data and audited access.

For clients who need it, we sign a GDPR-aligned data processing agreement (DPA). We continuously work toward an ISMS aligned with ISO 27001 and plan periodic third-party penetration tests (see the roadmap below).

Transparency: what we describe here is the security already in the product. Formal certifications are part of our roadmap and advance as we grow. If you have a specific requirement, let's talk it through.

Trust roadmap

Where trust is headed, with honest dates

We don't claim certifications we don't have. Here's what's already in place and what's next.

Today
GDPR DPA + encryption

We sign a GDPR-aligned DPA and encrypt secrets at rest. Per-client isolation is active.

In progress
Whitepaper + CAIQ

Security whitepaper and CAIQ questionnaire to speed up your clients' due diligence.

Next
Third-party pentest

Periodic penetration tests on the platform, run by an external partner.

Roadmap
ISO 27001 ISMS

A management system aligned with ISO 27001, to be formalized as we scale. Not yet certified.

Have a security requirement?

Let's talk about your case

We'll walk you through exactly how Steer protects your infrastructure. You steer. It runs.