Production finance software with security at every layer.
Saturation covers budgeting, banking, bill pay, p-cards, and approval flows. All of it protected with SOC 2, end-to-end encryption, and FDIC-insured funds.
Commitment to your security.
At Saturation, we prioritize your data security. We've designed our systems not just to streamline your work, but to do so while safeguarding your data.
SOC 1 Type 1.
Where SOC 2 covers data security, SOC 1 covers financial controls. The audit independently verified that Saturation's controls over budgets, actuals, production banking, contractor payments, and cost reporting are properly designed: the standard studios, enterprise clients, and financial auditors require when a platform is handling their money.
Full SOC 1 report available under NDA. Contact security@saturation.io.
SOC 2 Type 1.
SOC 2 Type 1 certification validates that Saturation's internal controls are designed effectively to protect sensitive financial data and operate with security and integrity. The assessment evaluates controls related to security, availability, and confidentiality at a specific point in time, confirming that the company has appropriate safeguards in place from prep through wrap.
Full SOC 2 report available under NDA — contact security@saturation.io.
Data protection.
Your data is paramount. All information transmitted to and from Saturation is encrypted in transit with TLS 1.2 or higher, and AES-256 at rest. Our Information Security Policy underpins our dedication to data protection, and we regularly conduct risk assessments to identify and mitigate potential threats.
Privacy first.
We deeply respect your privacy. Client data remains confidential and is only accessed as necessary to provide our services. We do not share client data unless required to perform the required services.
AI processing.
AI features in Saturation send your prompts and content to a small set of enterprise AI providers we contract with directly. Those providers do not train their public models on your data, and they do not retain prompts beyond the request itself.
The full list of AI providers we use is on our sub-processor page.
Reliable infrastructure.
Saturation is built on Render, a trusted platform that automatically encrypts data in transit and at rest. Render employs high-security protocols such as network isolation and traffic encryption. They comply with globally recognized certifications like SOC 2 and GDPR.
At the edge, every saturation.io request is served over HTTPS with HSTS preload eligibility, and a strict Content Security Policy restricts which script and frame origins the browser will load.
IT controls and practices.
We are enforcing multi-factor authentication (MFA) to enhance security. We apply MFA to all accounts on internal applications and third-party services, such as cloud providers. Key IT policies and baseline standards ensure that all devices and services adhere to our security standards, from deployment to end-of-service.
We engage independent third parties to perform application penetration testing on an annual cadence, and run continuous vulnerability scanning between assessments.
Backup and continuity.
Production data is continuously replicated, with point-in-time database recovery and automated snapshots taken throughout the day. Backups are retained across multiple availability zones so a regional incident never means lost work — your budgets, approvals, and ledger remain restorable through wrap and well past it.
Ongoing improvements.
Our commitment to security is unwavering. We're continuously refining our security measures to ensure uncompromised data integrity. Our Information Security Policy is regularly updated to align with evolving business operations and security risks.
Responsible disclosure
Found a vulnerability? Tell us.
Security researchers are an important part of how we keep production data safe. Send us reproduction steps and we'll acknowledge within two business days.
Security questions, answered.
Common questions from production teams, studios, accountants, bond companies, and financiers evaluating Saturation.
Your production data deserves this level of care.
Saturation is built for productions that can't afford a breach. SOC 2 certified, encrypted at every layer, and auditable from first dollar to final wrap.