Trust
Encryption is table stakes. We don't stop there.
Org-isolated tenancy, encryption at rest and in transit, audit logs on every privileged action, GDPR / CCPA workflows, and a SOC 2 roadmap with quarterly evidence checkpoints.
TLS 1.3 + AES-256
Encryption
Org-isolated
Tenancy
Full DSR support
GDPR / CCPA
What this delivers
Outcomes, not just features.
- Every table is org-scoped — multi-tenant isolation enforced in code + DB
- TLS 1.3 in transit, AES-256 at rest, KMS-managed keys
- Audit log on every privileged action (data export, user role change)
- GDPR data export + erasure, CCPA opt-out, EU/US/CA residency on roadmap
- Optional SSO via Google, Microsoft, or SAML 2.0
- Penetration test annually; results available under NDA
Security & Compliance features
The mechanics behind the headline.
Org-isolated tenancy
Every database row is scoped by org_id; cross-tenant queries are rejected at the API and enforced again at the row-security layer.
Audit log
Every privileged action — data export, user invite, role change — lands in an append-only audit log retained for 7 years.
GDPR / CCPA workflows
Data subject rights (access, erasure, portability) and CCPA do-not-sell are wired through user settings.
SOC 2 roadmap
Quarterly evidence checkpoints with our auditor; current status visible to enterprise customers under NDA.
Related pillars
Threads through the rest of the platform.
Frequently asked
Questions about Security & Compliance.
- Can I get a SOC 2 letter?
- Type II is on the roadmap; current status and evidence are available to enterprise prospects under NDA.
- Where is data hosted?
- US East by default. EU and Canada residency on the roadmap; talk to sales for an early-access slot.
Next move
See Security & Compliance on your real bid.
Pilots run end-to-end on real plan sets. Bring one we should review.