Security

Data protection

• Encryption in transit. All traffic to our Services is encrypted using TLS 1.2 or higher.
• Encryption at rest. Customer data stored in our infrastructure is encrypted at rest using industry-standard algorithms.
• Principle of least privilege. Access to production systems and customer data is restricted to personnel with a documented need, gated by strong authentication.

Infrastructure

Our infrastructure is hosted with leading cloud providers whose physical and environmental security controls meet recognized industry standards (e.g., SOC 2, ISO 27001). We segregate environments and apply network-level controls to limit exposure.

Software development

• All code changes go through review before being merged.
• We use automated tooling to detect known vulnerabilities in dependencies.
• We follow secure coding practices and address the OWASP Top 10 categories in code review.

Monitoring and incident response

We monitor our production systems for availability and suspicious activity. If we become aware of a security incident affecting your data, we will investigate, contain, and notify affected customers in accordance with applicable law and our agreements with you.

Reporting a vulnerability

We welcome reports from security researchers and the broader community. If you believe you've discovered a security issue in our Services, please email us at [email protected] with:

• A description of the issue and its potential impact.
• Steps to reproduce, including any proof-of-concept code.
• Any relevant logs, screenshots, or supporting material.

We ask that you give us a reasonable opportunity to investigate and remediate before disclosing publicly, and that you avoid privacy violations, service disruption, and destruction of data while testing.

Contact

For general security questions, reach us at [email protected].