Trust
Encryption is table stakes. We don't stop there.
Org-isolated tenancy enforced in code and at the database. Encrypted in transit and at rest. Every privileged action audited. Data subject rights wired through the product, not tacked on.
- Encryption: TLS 1.3 / AES-256
- Tenancy: Org-isolated
- DSR: Full GDPR/CCPA
- Audit log: 7-year retention
What ships in the box
Security posture the bid desk can defend.
- TLS 1.3 in transit, AES-256 at rest, KMS-managed keys
- Org-isolated tenancy enforced in API, ORM, and DB row-security
- Append-only audit log on every privileged action
- Mandatory MFA for OWNER and ADMIN roles
- Per-org data export + erasure (GDPR right-to-access / right-to-erasure)
- CCPA do-not-sell preference honored across analytics
- Annual third-party penetration test (results under NDA)
The mechanics
Defense in depth, not a single perimeter.
Tenancy
Every database row is scoped by org_id; the API rejects cross-tenant queries and Postgres row-level security enforces the same constraint at the data layer.
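The data-layer half of that model, as an added illustrative example rather than the product's own schema: a Postgres row-level security policy keyed on org_id, with the API setting the tenant in a transaction-scoped session variable. Table, role and setting names are assumptions.

```sql
-- Illustrative only: table, role and setting names are assumptions, not the product's schema.
CREATE TABLE plans (
    id     bigserial PRIMARY KEY,
    org_id uuid NOT NULL,
    title  text NOT NULL
);

-- The API connects as a role that does not own the table: owners and superusers
-- bypass RLS, so the enforcing role must be neither.
CREATE ROLE app_rw LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON plans TO app_rw;
GRANT USAGE, SELECT ON SEQUENCE plans_id_seq TO app_rw;

ALTER TABLE plans ENABLE ROW LEVEL SECURITY;
ALTER TABLE plans FORCE ROW LEVEL SECURITY;   -- apply to the owner too, as a second guard

-- NULLIF handles the unset case: after a SET LOCAL has expired the setting reads as '',
-- and ''::uuid would raise instead of matching nothing. NULL = anything is NULL, so
-- a request that never set the tenant sees no rows and can write none.
CREATE POLICY plans_org_isolation ON plans
    FOR ALL TO app_rw
    USING      (org_id = NULLIF(current_setting('app.current_org_id', true), '')::uuid)
    WITH CHECK (org_id = NULLIF(current_setting('app.current_org_id', true), '')::uuid);

-- Per-request usage: the API sets the tenant inside the request's own transaction.
BEGIN;
SET LOCAL app.current_org_id = '11111111-1111-1111-1111-111111111111';  -- constructed sample org
SELECT id, title FROM plans;   -- returns only this org's rows
COMMIT;

-- A write tagged with a different org fails the WITH CHECK clause even if the
-- API layer's own check were bypassed.
BEGIN;
SET LOCAL app.current_org_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO plans (org_id, title)
    VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');
-- ERROR:  new row violates row-level security policy for table "plans"
ROLLBACK;
```

Whether the effective role actually bypasses RLS is worth checking explicitly (for example with `SELECT rolsuper, rolbypassrls FROM pg_roles WHERE rolname = 'app_rw'`), since a policy on a table owned by the connecting role enforces nothing without FORCE.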
Authentication
Argon2id password hashing, session tokens rotated per login, optional SSO via Google, Microsoft, or SAML 2.0. MFA mandatory for elevated roles.
Audit log
Every privileged action — data export, role change, integration token issue — is recorded with reviewer ID, timestamp, and IP. Retention: 7 years.
Data subject rights
Right-to-access produces a complete data export within 30 days. Right-to-erasure soft-deletes the user, scrubs PII from associated records, and retains the audit trail.
AI provider isolation
Customer content is never used to train cross-org models without explicit opt-in. Provider keys are per-org and stored in KMS.
SOC 2 roadmap
Type II is on the roadmap with quarterly evidence checkpoints. Current status and evidence are available to enterprise customers under NDA.
Frequently asked
Security questions we hear from procurement.
- Where is data hosted?
- US East by default. EU and Canada residency on the roadmap; talk to sales for an early-access slot.
- Can I get a SOC 2 letter?
- Type II is on the roadmap with quarterly evidence checkpoints; the current status is available to enterprise prospects under NDA.
- Do you train models on my plans?
- Not without explicit opt-in. Org-private symbols stay org-private; cross-org library promotion is human-vetted and opt-in.
- What happens if I delete my account?
- Soft-delete: PII is scrubbed within 30 days, the audit trail is retained for 7 years, and we issue a deletion confirmation email.
- Can I bring my own AI provider keys?
- Yes. Per-org provider keys for Anthropic, OpenAI, Google, and xAI are stored encrypted at rest and used only for that org's calls.