SGEN Security
Last updated: 2026-05-27
SGEN's security posture is architectural. The platform eliminates the primary attack surface that makes WordPress sites vulnerable: third-party plugins.
This page covers SGEN's built-in security controls, compliance certification status, and how EU and UK customers can obtain documentation for vendor security reviews.
Architecture: no plugin attack surface
70% of WordPress vulnerabilities originate in plugins. SGEN has no plugin layer.
Every SGEN site runs on a single, first-party codebase. There are no third-party plugins to misconfigure, fail to update, or conflict with each other. Security patches ship platform-wide, automatically, without compatibility concerns.
What this means in practice:
- Zero third-party plugin vulnerabilities — the class does not exist on this platform.
- One codebase receives unified security updates across every site.
- Automatic patching without compatibility holds.
- Role-based access controls built into every feature module.
- Comprehensive audit logging across the platform.
Built-in controls
Access control
SGEN's user management module (SG-Core → Users) provides role-based access control across every site. Administrators assign roles with scoped permissions. Privilege escalation outside assigned roles is not possible through the platform interface.
Multi-factor authentication is available for all account holders.
Audit logging
Security-relevant events within the admin are logged and accessible to site administrators.
Data in transit
All data in transit uses TLS encryption with industry-standard cipher suites.
Data at rest
Customer data and site content stored on SGEN infrastructure is encrypted at rest using industry-standard symmetric encryption.
Infrastructure and hosting
SGEN's platform runs on first-party cloud infrastructure with industry-standard physical and network security controls.
DDoS and network protection
Network-level DDoS mitigation is part of SGEN's infrastructure layer.
Compliance certifications
SOC 2 Type II
SGEN's SOC 2 attestation status will be published on this page once available. Contact legal@sgen.com for current status and to request documentation under NDA.
ISO 27001
SGEN's ISO 27001 certification status will be published on this page once available. Contact legal@sgen.com for current status and to request documentation under NDA.
Penetration testing
SGEN periodically engages independent third parties to perform security assessments of the platform. Executive summaries may be available to enterprise customers under NDA. Contact legal@sgen.com to request penetration test documentation.
EU and UK compliance posture
GDPR and UK GDPR
SGEN processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and, for UK customers, the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
Key points:
- SGEN acts as a data controller for account and platform data.
- SGEN acts as a data processor for customer website data collected through SGEN-hosted sites, under the terms of a Data Processing Agreement.
- A Data Processing Agreement (DPA) is available to EU and UK customers.
Contact legal@sgen.com to request a copy. The DPA template is also published at /dpa.
For SGEN's full GDPR posture statement, see this page (/security).
Sub-processors
SGEN uses third-party sub-processors to deliver certain platform functions — cloud hosting, content delivery, payment processing, email delivery, and support tooling. A current list of sub-processors is maintained at /sub-processors.
Data residency
EU data residency options will be announced on this page as they become available. Contact legal@sgen.com for current data-location information.
Breach notification
In the event of a personal data breach that triggers notification obligations under applicable law, SGEN will notify affected customers within the timeframes required.
Vulnerability disclosure
If you believe you have found a security vulnerability in SGEN's platform or infrastructure, contact security@sgen.com. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and respond.
Contact
Security disclosures: security@sgen.com
Compliance documentation requests (DPA, SOC 2, penetration test attestation): legal@sgen.com
Company: NEGS117 LLC d/b/a SGEN
Address: 360 E Desert Inn Rd #1501, Las Vegas NV 89109, USA
Related compliance documents
/dpa— Data Processing Agreement template/sub-processors— Current sub-processors list/data-residency— Data residency statement/privacy-policy— Privacy Policy
