Security at Solya

Solya runs on Microsoft Azure with a best-of-breed managed stack: we assemble proven, vendor-operated services rather than self-hosting critical components. This keeps the security baseline at the level Azure maintains, not at the level a small team could replicate alone.

The data and intelligence layers run on Azure Databricks, which gives us governed data processing, lineage and access controls out of the box. Compute and storage are hosted in European Azure regions.

Each customer’s data is logically separated, and access follows a least-privilege model: services and people get only the scopes they need. Internal access to production data is restricted, authenticated, and logged.

Connectors to your systems use scoped credentials. Solya reads what it needs to decide and writes back orders, transfers and price changes through the same governed path. Nothing moves outside that scope.

Data is encrypted in transit (TLS) and at rest using Azure-managed encryption. Secrets and credentials are held in managed key storage, not in application code or configuration files.

Solya proposes; your team decides what runs automatically and what needs human approval. Every action is versioned with a full audit trail (who proposed it, who approved it, and why) and can be rolled back in one click.

We are transparent about where we are: Solya is not yet formally certified (SOC 2 / ISO 27001). The Azure and Databricks services we build on are themselves SOC 2 and ISO 27001 certified, which underpins our infrastructure today, and we are actively working toward our own certification.

If your security team needs to review our posture before a deployment, we’re happy to walk through it in detail. Write to [email protected].

Found something, or have a question about how we handle data? Contact [email protected] and we’ll get back to you quickly.