Trust Center
Transparency, security, and privacy are foundational to everything we build. Here's how we protect your data and your customers.
Our Security Practices
We implement comprehensive security measures across all our systems and solutions.
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API communications use mutual TLS where supported.
Access Control
We enforce role-based access control (RBAC) with the principle of least privilege. All access requires multi-factor authentication.
Monitoring & Logging
Continuous 24/7 monitoring of all systems with automated alerting. Security logs are retained and regularly reviewed.
Incident Response
We maintain a documented incident response plan with defined roles, escalation procedures, and communication protocols.
Vendor Management
All third-party vendors undergo security assessment before onboarding. We regularly review vendor security posture.
Secure Development
Security is integrated into our development lifecycle. Code reviews, dependency scanning, and security testing are standard practice.
Data Privacy & Handling
How we collect, process, and protect your data.
- We collect only the data necessary to deliver our services
- Personal data is processed with appropriate legal basis under GDPR and applicable regulations
- Data subject rights (access, rectification, deletion) are fully supported
- We do not sell personal data to third parties
- Data retention periods are defined and enforced for all data categories
- Regular privacy impact assessments are conducted for new services
Our Compliance Roadmap
We are not yet certified — we are actively building a compliance program aligned with internationally recognized frameworks. Below are the certifications we are working toward.
ISO 27001 (In Progress)
We are implementing an Information Security Management System aligned with ISO 27001 controls, with formal certification planned.
SOC 2 Type II (In Progress)
We are preparing for a SOC 2 Type II examination covering security, availability, and confidentiality trust service criteria.
SOC 1 (In Progress)
We are establishing the controls needed for a SOC 1 report to support customers with financial reporting dependencies.
HIPAA (In Progress)
We are building HIPAA-aligned safeguards and BAAs to support customers handling protected health information.
GDPR Alignment
Our data handling practices are designed to comply with GDPR and applicable data protection regulations today.
Continuous Improvement
Our security and compliance programs are regularly reviewed and improved as we progress toward formal certification.
Frequently Asked Questions
How do you protect my customer data?
All customer data is encrypted in transit and at rest. Access is restricted on a need-to-know basis with role-based controls. We conduct regular security assessments and maintain comprehensive logging.
Do you share data with third parties?
We only share data with third-party sub-processors that are essential to delivering our services (e.g., cloud hosting, AI model providers). Each sub-processor undergoes security review and is bound by data processing agreements.
What happens if there's a security incident?
We follow a documented incident response plan. Affected customers are notified promptly per our contractual and legal obligations. We conduct root cause analysis and implement preventive measures.
Can I request deletion of my data?
Yes. You can request access to, correction of, or deletion of your personal data at any time by contacting us. We process these requests within the timeframes required by applicable regulations.
Where is my data stored?
Data is stored in secure cloud environments with data center locations disclosed upon request. We can accommodate data residency requirements where needed.
Security Concerns?
If you have security concerns or want to report a vulnerability, please contact our security team.