Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Customer-managed encryption keys (CMEK) available on Enterprise.
Security & trust
Security built into every layer
From the first line of code to the last byte of customer data — we treat security and privacy as core product features, not afterthoughts.
Independently audited & certified
SOC 2 Type II
HIPAA
GDPR
ISO 27001
CCPA
PCI DSS
Our approach
The four pillars of a trustworthy platform
Concrete commitments rather than vague promises — here is exactly how your data is protected.
Least-privilege access
Just-in-time access, full audit trails, mandatory MFA and quarterly access reviews for every internal system.
Resilient architecture
Multi-region, multi-AZ deployment. Hourly point-in-time backups with verified restore drills every quarter.
Secure by design
Threat-modeled features, mandatory code review, automated SAST/DAST and an active bug bounty program.
Data residency
Your data, in the region you choose
US and EU regions are available on every paid plan. Enterprise customers can request custom regions including UK, Canada and Australia.
- No cross-region data movement — ever
- Region-specific encryption keys
- Region-aware data subject request workflows
- Tenanted infrastructure on Enterprise
Documentation
The details, on tap
Everything you need for your security review. Most live behind a click-through NDA — your contact form goes straight to our security team.
SOC 2 Type II report
Latest report and bridge letter, available under NDA.
Request accessPen-test summary
Annual third-party penetration test summary.
Request accessSecurity whitepaper
Architecture, threat model and operational controls.
Request accessSubprocessor list
Live list of vendors that handle customer data.
Request accessCustom DPA
GDPR-aligned Data Processing Agreement on request.
Request accessAI safety overview
How our AI agent handles sensitive data and PII.
Request access
Get started
Bring our security team into the room
Every security review is run by real engineers on our team — typically a 30-minute call, then we tailor docs to your stack.
Free guided migration · No setup fees · Real humans behind every reply