Security & Compliance

Security & compliance, built in.

Encryption in transit and at rest, strict access controls, and a Data Processing Addendum for customers who need one.

GDPR
DPA available

Data protection

  • AES-256 at rest
  • TLS 1.3 in transit
  • Per-workspace encryption keys
  • Data processed in the United States

Access control

  • SAML & OIDC SSO
  • SCIM provisioning
  • Role-based access control (RBAC)
  • Mandatory 2FA for admins

Operational security

  • 24/7 SOC monitoring
  • Quarterly penetration testing
  • Public status page with RCA

Customer controls

  • Audit log export (CSV / API)
  • Data deletion within 90 days
  • Sub-processor list available on request
  • DPA available on request

Trust documents

Customers and prospective customers can request our Data Processing Addendum.

View DPA Request docs