Trust Center

Security & Trust Center

Enterprise-grade security built into every layer of the platform — not bolted on as an afterthought.

Compliance

Certifications & Standards

SOC 2 Type II

Independently audited security controls covering data handling, access management, availability, and confidentiality. Annual audit cycle.

GDPR Compliant

Full compliance with the EU General Data Protection Regulation. Built-in data export, consent management, right to erasure, and data processing agreements.

ISO 27001

Information Security Management System certification. Systematic approach to managing sensitive company information securely.

Field-Level Encryption

Sensitive fields (PII, tokens, API secrets) encrypted with AES-256 at the column level on top of disk-level encryption — protected even if a backup file is exposed.

99.9% Uptime SLA

Enterprise plans include formal uptime guarantees with defined service credits. Scheduled maintenance communicated 48 hours in advance.

Audit Trail

Append-only audit log capturing every create, update, and delete operation with user ID, IP address, timestamp, and before/after data snapshots.

Architecture

Security Architecture

01
Multi-Tenant Isolation

Every database query is automatically scoped to the current tenant via Entity Framework global query filters. Automatic TenantId stamping on every record. One tenant can never access another's data — enforced at the data layer, not just the application layer.

02
Encryption Everywhere

TLS 1.2+ for all data in transit. Database encryption at rest. API keys are SHA-256 hashed before storage. Session cookies encrypted via ASP.NET Core Data Protection with shared key ring across applications.

03
Access Control

Four layers of access control: Role-Based Access Control (RBAC) with custom roles, additive Permission Sets, field-level security (Hidden/ReadOnly/Editable per role), and record-level sharing rules (Private/Team/Public).

Data Handling

How We Handle Your Data

Authentication

SSO via Google, Microsoft, and Apple. Cross-app authentication with shared secure cookie. Token-based API access with scoped permissions and expiry dates. Invitation-based onboarding with SHA-256 hashed tokens.

Rate Limiting

Three-layer rate limiting: daily quota per tenant (resets at midnight in tenant timezone), sliding-window burst protection, and concurrent request limits. Prevents abuse without impacting legitimate usage.

Data Deletion

Soft-delete with recycle bin recovery for accidental deletions. Permanent tenant data purge with FK-safe SQL ordering and full audit trail. 30-day retention window after cancellation.

AI Data Privacy

AI prompts include only the context you authorize. Token usage tracked per tenant. Conversation history stored in your tenant only. We do not use your data to train AI models. Provider-level DPAs in place.

Questions about security?

Our team is happy to discuss security requirements, provide compliance documentation, or arrange a security review.