Security is our foundation
As a compliance company, we hold ourselves to the highest security standards. Here's how we protect your data and earn your trust.
SOC 2 Type IIISO 27001GDPR Compliant
Security controls
Defense in depth across every layer of our platform.
Encryption at Rest
AES-256 encryption for all stored data, including backups and database snapshots.
Encryption in Transit
TLS 1.3 for all communications between clients, APIs, and internal services.
Access Controls
Role-based access control, SSO integration, and MFA enforcement for all accounts.
Data Isolation
Tenant-level data isolation ensuring your data is never co-mingled with other customers.
Incident Response
24-hour incident response SLA with documented runbooks and post-incident reviews.
Penetration Testing
Annual third-party penetration tests with findings remediated within 30 days.
Sub-processors
We carefully vet every third party that processes your data.
| Provider | Purpose |
|---|---|
| AWS | Infrastructure |
| Cloudflare | CDN / WAF |
| Datadog | Monitoring |
| Stripe | Billing |
Questions about our security?
Our security team is happy to discuss our practices, provide documentation, or schedule a call.
Contact Security