Security
How we protect data and systems — infrastructure, encryption, access, monitoring, and how to report a vulnerability.
Infrastructure
We build on managed, reputable cloud infrastructure with isolated environments for development, staging, and production. Infrastructure is provisioned as code and reviewed before changes ship.
Encryption
- TLS for all data in transit.
- Encryption at rest for databases, storage, and backups.
- Secrets never stored in source control.
Authentication
Access uses modern authentication with OAuth providers (Google, GitHub) and email/password. We support strong password policies and encourage provider-managed 2FA.
Backups
Production data is backed up on a regular schedule with point-in-time recovery available on our managed database tier.
Access control
We apply role-based access control (RBAC) and least privilege. Row-level security policies enforce data isolation at the database layer, not just the application.
policy: enable RLS on every table
rule: users read/write only their own rows
staff: scoped by verified role, never client-set
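The three rules above, written out as PostgreSQL row-level security. This is an added illustration, not this service's own schema or policy code. PostgreSQL itself, the table names, the `app.user_id` session setting and the `current_app_user()` helper are all assumptions, since the page does not name them.

```sql
-- Assumptions (hypothetical names): PostgreSQL; tables documents and staff_roles;
-- the application server sets app.user_id per transaction after verifying the
-- session, and clients never send SQL or this value themselves.
CREATE TABLE documents (
    id       bigserial PRIMARY KEY,
    owner_id uuid NOT NULL,
    body     text NOT NULL
);
CREATE TABLE staff_roles (
    user_id uuid PRIMARY KEY,
    role    text NOT NULL CHECK (role IN ('support', 'admin'))
);

-- policy: enable RLS on every table. FORCE also applies it to the table owner.
ALTER TABLE documents   ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents   FORCE ROW LEVEL SECURITY;
ALTER TABLE staff_roles ENABLE ROW LEVEL SECURITY;
ALTER TABLE staff_roles FORCE ROW LEVEL SECURITY;

-- Verified caller id; NULL when unset or reset, so no policy matches.
CREATE FUNCTION current_app_user() RETURNS uuid
LANGUAGE sql STABLE AS $$
    SELECT NULLIF(current_setting('app.user_id', true), '')::uuid
$$;

-- rule: users read/write only their own rows. WITH CHECK blocks inserting or
-- updating a row so that it belongs to someone else.
CREATE POLICY documents_owner ON documents
    FOR ALL
    USING      (owner_id = current_app_user())
    WITH CHECK (owner_id = current_app_user());

-- staff: the role comes from a server-side table, not from a request field.
-- There is no write policy on staff_roles, so the application role can read
-- its own role row but cannot grant itself one.
CREATE POLICY staff_roles_self ON staff_roles
    FOR SELECT
    USING (user_id = current_app_user());
CREATE POLICY documents_staff_read ON documents
    FOR SELECT
    USING (EXISTS (
        SELECT 1 FROM staff_roles s
        WHERE s.user_id = current_app_user()
          AND s.role IN ('support', 'admin')
    ));

-- Per request, inside a transaction, the server runs:
--   SELECT set_config('app.user_id', '<verified user uuid>', true);
```

Superusers and roles with BYPASSRLS skip these policies, so the application should connect as an ordinary role that has neither.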
Secrets management
Credentials and API keys live in managed secret stores and environment configuration — never in the client bundle or the repository. Service-role keys never reach the browser.
Monitoring
We monitor application errors, runtime exceptions, and infrastructure health, with alerting on anomalies so issues are caught early.
Incident response
- Detect & triage severity.
- Contain and mitigate impact.
- Notify affected parties per obligations.
- Remediate root cause and document learnings.
Responsible disclosure
Found a vulnerability?
Report it privately through our contact page. We acknowledge reports promptly, investigate, and will not pursue good-faith researchers who follow responsible disclosure.
Compliance roadmap
We follow SOC 2-aligned practices today and are maturing toward formal certification. This page reflects current, app-visible controls — it is not itself an independent certification.
Questions about this document? Reach us at our contact page.