Security
How we protect your data.
Encryption at rest and in transit
All customer data is encrypted at rest (AES-256) and in transit (TLS 1.3). OAuth tokens for integrations are additionally encrypted with Fernet keys rotated quarterly.
Row-level isolation
Every Postgres table carries row-level security policies. A misconfigured query can't accidentally leak one customer's data to another — the database itself enforces the boundary.
SOC 2 in progress
We're working toward SOC 2 Type II certification with an audit window starting Q3 2026. Our security posture is reviewed quarterly by an external consultant.
Breach disclosure
If we discover a security incident affecting your data, we'll notify you within 72 hours per GDPR / PDPL standards — even if disclosure isn't legally required in your jurisdiction.