Trust & Security

Security Overview

We follow industry-standard security best practices to protect customer data and maintain service reliability. While we are not yet SOC 2 compliant, we are committed to continuously strengthening our security controls and processes.

3 complete 5 documented

Controls

Technical safeguards

Data storage protection

Encryption at rest

Complete

Stored application data is protected with encryption at rest in the underlying infrastructure.

Network protection

Encryption in transit

Complete

Public and authenticated traffic is served over encrypted HTTPS connections.

Change traceability

Audit Trail

Complete

Changes are logged in an application record trail.

Policies

Operational procedures

Business continuity

Backups & recovery

Documented

Backup and recovery procedures are documented for production operations.

Operational response

Incident response

Documented

Escalation and notification procedures are documented for review.

Security maintenance

Vulnerability management

Documented

Patching, dependency review, and scanning policies are documented for diligence.

Supplier governance

Vendor risk management

Documented

Third-party service providers are assessed and monitored for security and compliance risks.

Information governance

Data classification

Documented

Sensitive data is classified and handled according to defined retention and protection requirements.

Subprocessors

Infrastructure and service providers

DigitalOcean

Application hosting

Active

NeonDB

Managed database

Active

Sentry

Application monitoring

Active

Cloudflare

CDN & web analytics

Active

Google Cloud

AI content generation

Active

Resend

Email delivery

Active

Stripe

Payments

Active

Google Workspace

Customer communication

Active

Slack

Customer communication

Active