Trust & Security
Security Overview
We follow industry-standard security best practices to protect customer data and maintain service reliability. While we are not yet SOC 2 compliant, we are committed to continuously strengthening our security controls and processes.
Controls
Technical safeguards
Data storage protection
Encryption at rest
Stored application data is protected with encryption at rest in the underlying infrastructure.
Network protection
Encryption in transit
Public and authenticated traffic is served over encrypted HTTPS connections.
Change traceability
Audit Trail
Changes are logged in an application record trail.
Policies
Operational procedures
Business continuity
Backups & recovery
Backup and recovery procedures are documented for production operations.
Operational response
Incident response
Escalation and notification procedures are documented for review.
Security maintenance
Vulnerability management
Patching, dependency review, and scanning policies are documented for diligence.
Supplier governance
Vendor risk management
Third-party service providers are assessed and monitored for security and compliance risks.
Information governance
Data classification
Sensitive data is classified and handled according to defined retention and protection requirements.
Subprocessors
Infrastructure and service providers
DigitalOcean
Application hosting
NeonDB
Managed database
Sentry
Application monitoring
Cloudflare
CDN & web analytics
Google Cloud
AI content generation
Resend
Email delivery
Stripe
Payments
Google Workspace
Customer communication
Slack
Customer communication