Security
We safeguard customer conversations with layered controls, rigorous reviews, and transparent processes. This page summarizes our security posture. Last updated: December 15, 2025.
Layered controls across identity, network, application, and data to reduce risk.
Role-based access, audited elevation, and segmented environments for sensitive systems.
Telemetry, alerting, and runbooks to detect anomalies and respond quickly.
Encryption in transit (TLS 1.2+) and at rest for customer data and secrets.
SSO support for workspaces plus enforced MFA for internal admin access.
Hardened production environments with least-privilege IAM and network segmentation.
Regular backups, tested restores, and disaster recovery plans with defined RPO/RTO targets.
Secure SDLC: code review, dependency scanning, and environment-specific secrets management.
Vendor reviews and data processing agreements for subprocessors handling customer data.
24/7 monitoring for availability and security events with documented escalation paths.
Incident playbooks, post-incident reviews, and customer communication for material issues.
Data deletion or export support aligned to our Privacy Policy and workspace settings.
Found a vulnerability or suspicious activity? Please let us know. We appreciate responsible disclosure and will respond quickly.