SECURITY & TRUST
Built to survive a security review.
Your IT team will have questions. We have answers — and a public Trust Center.
Identity
FIDO2 / WebAuthn passkeys, adaptive MFA, password complexity, account lockout, and login rate limiting.
Tenant isolation
Row-level tenant scoping on every query, backed by an automated isolation test suite that gates releases.
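What "row-level tenant scoping on every query" plus an isolation test can look like in practice, as an added example that is not the vendor's code (the page shows none of it). It is written in Python because the page mentions Jinja2 and Bandit, and it uses an in-memory SQLite database, a constructed `incident` table and the tenant names `acme` and `globex` purely for illustration. The tenant id is bound once from the session and injected into every statement as a parameter, a cheap guard rejects any statement that does not reference the tenant column, and `isolation_report` is the shape of check a release-gating suite would run: one tenant tries every operation against another tenant's row.

```python
import sqlite3
from typing import List, Optional

# Constructed schema for the example; in-memory SQLite stands in for the real database.
SCHEMA = """
CREATE TABLE incident (
    id          INTEGER PRIMARY KEY,
    tenant_id   TEXT NOT NULL,
    description TEXT NOT NULL
);
CREATE INDEX incident_tenant ON incident (tenant_id);
"""


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


class TenantScopedRepo:
    """All data access for one tenant. tenant_id is fixed at construction (taken from
    the authenticated session) and bound into every statement, so a caller can neither
    forget it nor substitute another tenant's id."""

    def __init__(self, conn: sqlite3.Connection, tenant_id: str):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self.conn = conn
        self.tenant_id = tenant_id

    def _run(self, sql: str, params: tuple) -> sqlite3.Cursor:
        # Guard against a developer adding an unscoped statement to this class.
        if "tenant_id" not in sql:
            raise RuntimeError("unscoped query rejected: " + sql)
        return self.conn.execute(sql, params)

    def create(self, description: str) -> int:
        cur = self._run(
            "INSERT INTO incident (tenant_id, description) VALUES (?, ?)",
            (self.tenant_id, description))
        self.conn.commit()
        return cur.lastrowid

    def get(self, incident_id: int) -> Optional[dict]:
        row = self._run(
            "SELECT id, description FROM incident WHERE id = ? AND tenant_id = ?",
            (incident_id, self.tenant_id)).fetchone()
        return {"id": row[0], "description": row[1]} if row else None

    def list_all(self) -> List[dict]:
        rows = self._run(
            "SELECT id, description FROM incident WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,)).fetchall()
        return [{"id": r[0], "description": r[1]} for r in rows]

    def update(self, incident_id: int, description: str) -> int:
        cur = self._run(
            "UPDATE incident SET description = ? WHERE id = ? AND tenant_id = ?",
            (description, incident_id, self.tenant_id))
        self.conn.commit()
        return cur.rowcount  # 0 for "not yours" and "not found" alike: no existence leak

    def delete(self, incident_id: int) -> int:
        cur = self._run(
            "DELETE FROM incident WHERE id = ? AND tenant_id = ?",
            (incident_id, self.tenant_id))
        self.conn.commit()
        return cur.rowcount


def isolation_report() -> dict:
    """Cross-tenant probe: tenant B attempts read, update and delete on tenant A's row."""
    conn = new_db()
    tenant_a = TenantScopedRepo(conn, "acme")    # constructed tenant names
    tenant_b = TenantScopedRepo(conn, "globex")
    a_id = tenant_a.create("forklift near-miss, dock 3")  # constructed incident data
    b_id = tenant_b.create("slip in break room")
    return {
        "b_reads_a": tenant_b.get(a_id),                            # expect None
        "b_updates_a": tenant_b.update(a_id, "erased"),             # expect 0 rows
        "b_deletes_a": tenant_b.delete(a_id),                       # expect 0 rows
        "b_sees_only_own": [r["id"] for r in tenant_b.list_all()],  # expect [b_id]
        "a_row_intact": tenant_a.get(a_id)["description"],
        "b_id": b_id,
    }


if __name__ == "__main__":
    for name, value in isolation_report().items():
        print(f"{name:16s} {value!r}")
```

The point of returning a row count of zero rather than raising on a foreign id is that an attacker enumerating ids learns nothing about which ids exist in other tenants. A suite like this is cheap to run on every build; the expensive part is keeping every code path inside the scoped repository, which is what the `_run` guard and code review are for.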
Data Protection
PII encryption at rest, JIT PII access with re-auth, watermarked exports, honeypot rows, and DLP egress controls.
App Security
CSRF protection, CSP with nonces, Jinja2 autoescape, parameterized queries, and a Bandit SAST gate.
Integrity
Append-only audit log with an HMAC chain and periodic verification — tampering is detectable, not silent.
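The integrity mechanism described above, as an added example in Python that is not the vendor's implementation (the page does not show it). Each record's HMAC covers the previous record's HMAC, so editing, reordering or deleting an interior record breaks every MAC after it. The demo key, the `GENESIS` value, the event shape and the `demo` function are all constructed for this example. It also shows the caveat a reviewer should ask about: a chain alone does not detect truncation of the tail, so the periodic verification needs a head checkpoint (last sequence number and MAC) stored outside the log.

```python
import copy
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

# Assumed demo key; a real deployment loads it from a secret store or KMS.
KEY = b"demo-audit-key-not-for-production"
GENESIS = "0" * 64  # "previous MAC" used for the first record


def _mac(key: bytes, prev_mac: str, seq: int, event: dict) -> str:
    """HMAC-SHA256 over the previous MAC plus a canonical encoding of this record."""
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True,
                      separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + body, hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only list of records; each record's MAC links to the previous one."""

    def __init__(self, key: bytes):
        self.key = key
        self.entries: List[dict] = []

    def append(self, event: dict) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        seq = len(self.entries)
        record = {"seq": seq, "event": event, "mac": _mac(self.key, prev, seq, event)}
        self.entries.append(record)
        return record

    def checkpoint(self) -> Tuple[int, str]:
        """(seq, mac) of the current head; persist this outside the log itself."""
        head = self.entries[-1]
        return head["seq"], head["mac"]


def verify(key: bytes, entries: List[dict],
           checkpoint: Optional[Tuple[int, str]] = None) -> Tuple[bool, Optional[int]]:
    """Return (ok, index of first bad record); index None means the chain is intact.

    The chain detects modification, reordering and deletion of interior records.
    It does NOT detect truncation of the tail: dropping the newest records leaves a
    shorter but valid chain. An externally stored checkpoint closes that gap.
    """
    prev = GENESIS
    for i, rec in enumerate(entries):
        if rec.get("seq") != i:
            return False, i                       # gap or reordering
        expected = _mac(key, prev, i, rec["event"])
        if not hmac.compare_digest(expected, rec.get("mac", "")):
            return False, i                       # content or link altered
        prev = rec["mac"]
    if checkpoint is not None:
        seq, mac = checkpoint
        if len(entries) <= seq or not hmac.compare_digest(entries[seq]["mac"], mac):
            return False, len(entries)            # log rolled back past the checkpoint
    return True, None


def demo() -> dict:
    """Run verification against an intact log and three constructed tampering attempts."""
    log = AuditLog(KEY)
    for i in range(4):  # constructed events
        log.append({"actor": "user-1", "action": "view_pii", "row": i})
    cp = log.checkpoint()

    modified = copy.deepcopy(log.entries)
    modified[1]["event"]["row"] = 99          # edit a historical record
    deleted = copy.deepcopy(log.entries)
    del deleted[2]                            # remove an interior record
    truncated = copy.deepcopy(log.entries)[:2]  # drop the two newest records

    return {
        "intact": verify(KEY, log.entries),
        "modified": verify(KEY, modified),
        "deleted": verify(KEY, deleted),
        "truncated_chain_only": verify(KEY, truncated),
        "truncated_with_checkpoint": verify(KEY, truncated, cp),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:26s} {result}")
```

The detection is only as strong as the key's isolation: whoever can read the HMAC key can re-chain the log after editing it. The writer needs the key, but the periodic verifier can run under a separate identity, and a checkpoint written to storage the application cannot modify (for example an object store with object lock, or a separate account) is what turns "tampering is detectable" into a claim that holds against an attacker who controls the application database.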
Infrastructure
AWS behind an Application Load Balancer across multiple availability zones, with Multi-AZ encrypted RDS that has no public endpoint, a Cloudflare-only origin firewall, WAF + rate limiting, and TLS 1.2+ with HSTS.
COMPLIANCE
We are pursuing SOC 2 Type II and operate to that posture today: access reviews, an audit-log HMAC chain, and a DSAR portal for export and erasure. We don’t claim a certification we haven’t earned — when the report is issued, you’ll see it in the Trust Center.
SOC 2 Type II — in progress
OSHA recordkeeping (300/300A/301)
GDPR / CCPA — DSAR export & erasure
WCAG 2.1 AA — audited UI
Send us your security questionnaire.
We’ll walk your team through controls, isolation tests, and our Trust Center.