Trust Center

Security for the security platform

We build security products. We hold ourselves to a higher standard. Here's exactly how we protect the platform and your data — no marketing language, just facts.

Request SOC 2 ReportSee Enterprise Features
99.9%+

Uptime Target

AES-256

Encryption Standard

0

Data Breaches (Since Launch)

24/7

Security Monitoring

Certifications

Independently verified

Trust isn't a claim — it's audited. Our security practices are independently verified by third-party auditors on a continuous basis.

SOC 2 Type II

In Progress

Independent audit of security controls, availability, and confidentiality. Audit in progress — report available upon completion.

ISO 27001

In Progress

Information security management system certification covering the entire platform. Certification in progress.

HIPAA

Compliant

BAA available for healthcare organizations. Full HIPAA compliance controls implemented.

GDPR

Compliant

Full data subject rights support. EU data residency option. Privacy by design architecture.

Security Practices

How we protect the platform

Our security posture is not a checkbox exercise. It's how we build.

Encryption Everywhere

AES-256 encryption at rest. TLS 1.3 in transit. Customer-managed keys (BYOK) available for Enterprise. Your data is encrypted at every stage of its lifecycle.

Authentication & Access

Multi-factor authentication required for all accounts. SAML/OIDC SSO integration. Role-based access control with principle of least privilege enforced at the API level.

Infrastructure Security

SOC 2 Type II audited data centers. Network segmentation, WAF protection, DDoS mitigation, and real-time intrusion detection. Infrastructure hardened per CIS benchmarks.

Data Isolation

Strict tenant isolation at the data layer. No shared database tables, no shared compute for intelligence models. Your data is architecturally separated from all other customers.

Monitoring & Detection

24/7 security monitoring of all platform infrastructure. Automated anomaly detection, alerting, and incident response. We use our own products to protect the platform.

Employee Security

Background checks on all employees. Security awareness training. Least-privilege access to production systems. Hardware security keys required for all internal access.

Data Handling

Your data, your control

Complete transparency about what data we collect, how we use it, and what controls you have. No surprises.

What data we collect

  • Security events and signals you explicitly send to the platform
  • User interaction data (actions within the platform) for intelligence improvement
  • Anonymized aggregate patterns (opt-in) for network intelligence
  • Account and billing information necessary for service delivery

What we never do

  • Sell your data to third parties — ever
  • Use your identifiable data to train models for other customers
  • Access your data without explicit authorization or legal requirement
  • Retain data beyond your configured retention period
  • Share your data with advertising networks or data brokers

Your controls

  • Data export: full export of all your data in standard formats at any time
  • Data deletion: request complete deletion of all your data
  • Retention policies: configure per-data-type retention periods
  • Network opt-out: disable contribution to anonymized network intelligence
  • Audit logs: full visibility into who accessed what and when

Incident Response

When something goes wrong, speed matters

We operate under a strict incident response protocol with defined SLAs for detection, containment, notification, and disclosure. Our incident response team is staffed 24/7 with senior security engineers.

We believe in transparency during incidents. Affected customers are notified promptly with honest, detailed communication — not lawyered-up press releases days after the fact.

1

0-5 min

Automated detection and alerting

2

5-15 min

Security team assessment and containment

3

15-60 min

Root cause analysis and remediation

4

1-4 hrs

Customer notification (if applicable)

5

24-72 hrs

Post-incident review and disclosure

Responsible Disclosure

Found a security vulnerability? We take every report seriously and respond within 24 hours. We do not pursue legal action against researchers who follow our responsible disclosure policy.

Report a Vulnerability

Security you can verify

Request our SOC 2 Type II report, review our security practices, and talk to our security team directly.

Request Security ReportSee Enterprise Features