Security & Trust
Enterprise‑grade controls for data, access, and operations. Our security program is built on layered defenses, least privilege, and continuous monitoring.
Data protection
- Encryption in transit (TLS 1.2+) and at rest (AES‑256)
- Optional single‑tenant VPC or on‑prem deployment
- Object‑level access policies and audit trails
- No training on enterprise data unless expressly allowed
- Backups and disaster recovery with periodic restore tests
Compliance
- GDPR‑aligned processing and DPA on request
- SOC 2 Type II program in progress
- SCCs and regional data residency options
- Annual third‑party penetration testing
Identity & access and secure development
Identity & access
SSO via SAML/OIDC, SCIM provisioning, RBAC with least privilege, and per‑environment API keys. Sensitive operations require step‑up authentication and are logged for audit.
Secure development
Threat modeling, peer reviews, static analysis, and dependency scanning are part of our SDLC. Changes roll out via staged environments with automated checks and traceable approvals.