Security

How we protect your data.

Encryption at rest and in transit

All customer data is encrypted at rest (AES-256) and in transit (TLS 1.3). OAuth tokens for integrations are additionally encrypted with Fernet keys rotated quarterly.

Row-level isolation

Every Postgres table carries row-level security policies. A misconfigured query can't accidentally leak one customer's data to another — the database itself enforces the boundary.

SOC 2 in progress

We're working toward SOC 2 Type II certification with an audit window starting Q3 2026. Our security posture is reviewed quarterly by an external consultant.

Breach disclosure

If we discover a security incident affecting your data, we'll notify you within 72 hours per GDPR / PDPL standards — even if disclosure isn't legally required in your jurisdiction.

Madar AI — The AI Growth OS for MENA mobile apps