Security

Enterprise-grade security

Your data is isolated, encrypted, and always under your control. We take security seriously so you can focus on your business.

SOC 2 Type II (Certified)
GDPR (Compliant)
HIPAA (Enterprise)
ISO 27001 (In Progress)

How we protect your data

Database Isolation

Each tenant gets their own isolated PostgreSQL database. Your data is completely separated from other customers — no schema-level or row-level multi-tenancy risks.

  • Dedicated database per tenant
  • No data commingling
  • Independent backups
  • Isolated failure domains

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database connections are secured with SSL certificates.

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Encrypted backups
  • Key rotation policy

Role-Based Access Control

Granular permissions let you control exactly who can see and do what. Define custom roles or use our sensible defaults.

  • Fine-grained permissions
  • Custom roles
  • Module-level access
  • Field-level security

Audit Logs

Every action is logged with who, what, when, and where. Full traceability for compliance, debugging, and accountability.

  • Complete action history
  • User attribution
  • IP logging
  • Exportable logs

Automatic Backups

Daily automated backups with 30-day retention. Point-in-time recovery available for Enterprise customers.

  • Daily automated backups
  • 30-day retention
  • Point-in-time recovery
  • Cross-region replication

Authentication

Secure authentication with password hashing, MFA support, and SSO integration for Enterprise customers.

  • Bcrypt password hashing
  • Two-factor authentication
  • SSO / SAML (Enterprise)
  • Session management

Infrastructure

Built on proven technology

We use industry-leading cloud infrastructure to ensure reliability and performance.

Cloud Infrastructure

Hosted on AWS with multi-AZ deployment for high availability.

Global CDN

Static assets served from edge locations worldwide.

DDoS Protection

Enterprise-grade protection against volumetric attacks.

Monitoring

24/7 infrastructure monitoring with automated alerting.

Our Practices

Security is a culture

Beyond technology, we maintain rigorous security practices.

Regular penetration testing by third-party security firms

Vulnerability scanning and patching within 24 hours for critical issues

Security training for all employees

Incident response plan and dedicated security team

Responsible disclosure program

No third-party data sharing or selling

Your data is yours

We never sell or share your data. You can export everything at any time in standard formats. If you cancel, we give you 30 days to export before deletion.

Export anytime
Standard formats
No data selling

Questions about security?

Our security team is happy to answer any questions or provide additional documentation for your compliance needs.