Trust Center

Tenant isolation

Row-level security on every table

Encryption in transit & at rest

TLS 1.2+ and AES-256

OAuth token encryption

AES-256-GCM; keys never logged

Data export & deletion

GDPR/CCPA self-service

Data residency (EU)

Region-pinned storage

Passwordless sign-in

Email one-time code; no stored passwords

Multi-factor authentication

TOTP, admin-enforceable org-wide

Account lockout & idle timeout

Brute-force and session controls

Role-based access control

Admin / member / viewer

Enterprise SSO (SAML / OIDC)

Okta, Azure AD, Google Workspace

SCIM provisioning

Self-hosted SCIM 2.0; pending IdP validation

Security headers

CSP, HSTS, clickjacking protection

Rate limiting

Abuse protection on sensitive endpoints

Prompt-injection defense

Input sanitization and delimiting

Signed, replay-protected webhooks

Payment events

Automated dependency updates

Weekly, CI-gated

Enterprise bot protection

App rate limits today; platform WAF on deploy

Append-only audit log

Actor, timestamp, IP; admin export

Health & error monitoring

Liveness endpoint + error capture

Backups & point-in-time recovery

Daily backups + PITR

DDoS protection

Provided by the hosting platform

Multi-region redundancy

Cross-region failover

GDPR / CCPA alignment

Data subject rights honored

DPA available

For enterprise agreements

SOC 2 Type II

Controls implemented; audit window pending