The receipts your security team wants.

• SOC 2 Type II

  Audited annually. Report available under NDA in minutes.

• GDPR + CCPA

  Data residency in EU and US. DPA signed by default.

• ISO 27001 aligned

  ISMS controls modelled on ISO 27001:2022. Certification on roadmap H2.

• PCI-aware

  No card data ever touches our systems — handled by Stripe + your gateway.

• HIPAA-ready (BAA)

  BAA available for healthcare brands on Enterprise plans.

• Cyber Essentials

  UK Cyber Essentials Plus for our public-sector customers.

Platform security

How we keep your data safe in transit, at rest and at the seams.

• SSO + SCIM

  SAML 2.0 + OpenID Connect. SCIM 2.0 user provisioning. MFA enforced for all admin roles.

• Encryption everywhere

  TLS 1.3 in transit, AES-256 at rest. Per-tenant KMS keys on Enterprise.

• Multi-region hosting

  EU (Frankfurt), US (Virginia), AP (Sydney). Pinned per workspace, never replicated cross-region.

• Audit logs + exports

  Tamper-evident log of every admin action. CSV export and SIEM stream (Splunk, Datadog).

• Continuous scanning

  SAST, dependency scanning and container CVE scanning on every commit. Pen-tested quarterly.

• Incident response

  Severity-1 acknowledgement under 15 minutes. Public post-mortems within 5 business days.

Procurement-ready

Documents your legal + finance teams want before a kickoff.

• Master Service Agreement

  Standard MSA with redline-friendly clauses for global enterprises.

  Request

• Data Processing Addendum

  GDPR + UK GDPR + CCPA compliant DPA, with EU SCCs and UK IDTA.

  Request

• Sub-processors list

  Live list at /trust/subprocessors with 30-day change notification email.

  Request

• Service Level Agreement

  99.95% uptime SLA on Enterprise. Service credits codified.

  Request

• Vendor security questionnaire

  CAIQ + SIG-Lite + custom questionnaires pre-filled. Average turn-around: 48 hours.

  Request

• Insurance

  $10M cyber liability + $5M E&O. Certificates on request.

  Request