Security

Security is the product.

Customer trust is the only thing that lets us add a new app to your business. Here's how we earn it.

EU data residency

All customer data is stored in the EU. We never replicate to non-EU regions.

TLS 1.2+ in transit, AES-256 at rest. Backups encrypted with separate keys.

OAuth 2.0, magic-link, Google / GitHub, optional TOTP 2FA, SAML SSO on Enterprise.

Role-based permissions per organization, scoped API keys, full audit log.

Hourly Postgres snapshots, 30-day retention, monthly disaster-recovery rehearsals.

Continuous dependency scanning, quarterly third-party penetration tests, public bug-bounty.