Security

Data Encryption

All data is protected with industry-leading encryption standards:

• AES-256 Encryption at Rest

  All stored data, including SOPs and user information, is encrypted using AES-256.

• TLS 1.3 in Transit

  All data transmitted between your browser and our servers is encrypted with TLS 1.3.

• End-to-End Encryption (Enterprise)

  Enterprise customers can enable E2EE for maximum data protection.

Infrastructure Security

Our infrastructure is designed for security and reliability:

• SOC 2 Type II Compliant

  Our systems are audited annually for security, availability, and confidentiality.

• Cloud Security

  Hosted on AWS/GCP with enterprise-grade physical and network security.

• DDoS Protection

  Multi-layer DDoS mitigation ensures service availability.

• Regular Backups

  Automated backups with point-in-time recovery capabilities.

Access Control

We implement strict access controls to protect your data:

• Multi-Factor Authentication (MFA)

  Required for all accounts with support for TOTP and hardware keys.

• Role-Based Access Control (RBAC)

  Granular permissions ensure users only access what they need.

• Single Sign-On (SSO)

  Enterprise SSO integration with SAML 2.0 and OIDC support.

• Session Management

  Automatic session timeout and device management capabilities.

Monitoring & Audit

Comprehensive monitoring ensures we detect and respond to threats quickly:

• 24/7 Security Monitoring

  Real-time threat detection and automated alerting.

• Complete Audit Logs

  Every action is logged with timestamps and user attribution.

• Penetration Testing

  Regular third-party penetration tests and vulnerability assessments.

• Incident Response

  Documented incident response procedures with defined SLAs.

Compliance & Certifications

Vulnerability Disclosure

We take security reports seriously. If you discover a vulnerability, please report it responsibly: