Trust Center

Security you can verify, not just trust

You’re handing us a map of your weak points. We hold that responsibility to a higher standard than anyone — here’s exactly how.

Where we are today

We believe a trust center should be honest about the present, not just aspirational. The controls below are built into the platform today. Formal third-party attestations — SOC 2 Type II and ISO 27001 — are on our near-term roadmap, and we’re happy to share our current posture, architecture details, and security questionnaire responses with prospective customers under NDA.

Request our security package
Our controls

Defense in depth, by design

The platform that thinks like an attacker is built like a target worth protecting.

Application & infrastructure security

Built on AWS with least-privilege roles, network isolation, and infrastructure-as-code reviewed before it ships.

Encryption

Data is encrypted in transit (TLS) and at rest. Secrets are managed outside the codebase and never logged.

Tenant isolation

Every tenant’s data is isolated at the database with row-level security — the foundation of our multi-tenant model.

Identity & access

OIDC single sign-on and role-based access control, so the right people get exactly the scope they need.

Audit & accountability

An immutable, append-only audit trail records every privileged action for incident review and compliance.

Incident response

A defined process to detect, contain, and communicate. Affected customers are notified without delay.

Sub-processors & vendor security

We use a small, vetted set of sub-processors. Our current list is available to customers on request.

Doing enterprise diligence?

We’ll walk your security team through our architecture, controls, and roadmap — and answer your questionnaire.