Security & Trust
Security is not a feature. It's the foundation.
We build software for the world's most security-conscious organizations. Our security posture reflects that responsibility — from architecture decisions to operational practices.
Certifications & Compliance
SOC 2 Type II
CertifiedAnnual audit of security, availability, processing integrity, confidentiality, and privacy controls.
ISO 27001
CertifiedInternational standard for information security management systems (ISMS).
GDPR
CompliantFull compliance with the EU General Data Protection Regulation including data processing agreements.
HIPAA
CompliantHealthcare data protection compliance with Business Associate Agreements available for health sector partners.
FedRAMP
In ProgressFederal Risk and Authorization Management Program authorization for US government deployments.
PCI DSS
CompliantPayment Card Industry Data Security Standard for partners processing financial transactions.
Security Practices
Encryption Everywhere
AES-256 encryption at rest, TLS 1.3 in transit. Customer data is encrypted with customer-managed keys. Zero access architecture — we cannot read your data.
Zero-Trust Architecture
Every request is authenticated and authorized. No implicit trust between services. Role-based access control with principle of least privilege throughout.
Continuous Monitoring
24/7 security operations center monitoring all infrastructure. Automated threat detection, intrusion prevention, and real-time alerting for anomalous activity.
Secure Development
Security baked into our SDLC. Static analysis, dependency scanning, penetration testing, and mandatory code review for every change before deployment.
Data Residency
Choose where your data lives. EU, US, or custom deployment regions. Data never leaves the regions you specify. Full compliance with data sovereignty requirements.
Incident Response
Documented incident response plan with defined SLAs. Partners are notified within 72 hours of any confirmed security incident. Post-incident reviews published.
Deployment Options
Cloud (SaaS)
Fully managed deployment on our infrastructure. Multi-tenant with strict data isolation. Available in EU-West, US-East, and US-West regions.
Private Cloud
Dedicated single-tenant deployment on isolated infrastructure. Your own VPC with private networking. Available on AWS, Azure, and GCP.
On-Premises
Deploy within your own data centers. Air-gapped deployment option for the most sensitive environments. Full control over infrastructure and data.
Hybrid
Control plane in our cloud, data plane in your infrastructure. Best of both worlds — managed operations with data sovereignty.
Questions about our security posture? We're happy to share everything.