Security

Security is at the core of everything we build. Learn about our security practices and approach to protecting your data.

Data Encryption

AES-256-GCM encryption at rest and TLS 1.3 for all data in transit

Access Controls

Role-based access controls with multi-factor authentication and API key scoping

Privacy by Design

Selective disclosure, zero-knowledge proofs, and consent-based verification

Compliance Roadmap

We are actively working toward industry-standard certifications. Here is our current status:

SOC 2 Type II

On our roadmap. Foundational controls being implemented.

ISO 27001

On our roadmap. Working toward certification.

OWASP Top 10

Security best practices followed in all development.

GDPR

GDPR-aligned policies being developed.

Security Practices

  • AES-256-GCM encryption at rest with per-tenant keys
  • TLS 1.3 encryption for all data in transit
  • Ed25519 / ECDSA P-256 credential signing
  • SHA-256 + SHA3-256 dual hashing for quantum resistance
  • JWT-based authentication with token rotation
  • Input sanitization and XSS prevention
  • Parameterized queries for SQL injection prevention
  • HSTS, CSP, and X-Frame-Options security headers

Infrastructure

  • AWS cloud infrastructure with VPC isolation
  • PostgreSQL with encryption at rest
  • Redis with AUTH and TLS encryption
  • Multi-tenant isolation with row-level security
  • Rate limiting and DDoS protection
  • Automated daily backups with 30-day retention
  • Health probes for container orchestration
  • Graceful shutdown with in-flight request draining

Security Questions?

We're happy to discuss our security practices in detail.

Contact Us