Security is our top priority
We implement layered security practices to keep workspace data safe, visible, and recoverable.
Encryption at Rest
All data is encrypted using AES-256 when stored in our databases. Sensitive information is never stored in plaintext.
Encryption in Transit
All data transmitted between your browser and our servers uses TLS 1.3 with perfect forward secrecy.
Secure Infrastructure
Infrastructure runs on monitored cloud providers with automated detection and hardened operational baselines.
Authentication
We support OAuth 2.0 today and are building toward stronger enterprise identity options over time.
Data Backup
Automated backups with recovery paths help reduce the blast radius of operational mistakes.
Compliance
We design toward GDPR, CCPA, auditability, and stronger enterprise controls as the product matures.
Security Practices
Access Control
- Role-based access control (RBAC) for workspace members
- Principle of least privilege for all service accounts
- Regular access reviews and automatic deprovisioning
Data Handling
- Data isolation between tenants at the database level
- Automated data retention and deletion policies
- No data sharing with third parties for marketing purposes
Certifications & Compliance
SOC 2 Type II
Security controls audit
GDPR
European data protection
CCPA
California privacy rights
ISO 27001
Information security management
Responsible Disclosure
We encourage security researchers to report vulnerabilities to us. We will work with you to resolve issues quickly and responsibly.
Report a vulnerabilityWhat We Do to Keep You Safe
Security Questions?
If you have questions about our security practices, please reach out to our security team.
Contact Security Team