Security
Defense in depth across the platform
Security is engineered into the product, the infrastructure, and the operating practices that surround them.
Cryptography
Encryption in transit and at rest
- TLS 1.2+ enforced for all external traffic
- Modern cipher suites with forward secrecy
- AES-256 encryption for data at rest
- Managed key storage with rotation policies
- Encrypted backups and snapshots
- Secret material kept out of source control
Identity
Secure authentication
- Password hashing using modern algorithms
- Multi-factor authentication support
- Session management with secure cookies
- Single sign-on for eligible enterprise customers
- Account lockout and abuse mitigation
- Sign-in anomaly detection
Access
Least-privilege access controls
- Role-based access throughout internal systems
- Just-in-time elevation for sensitive operations
- Mandatory MFA for administrative tooling
- Quarterly access reviews
- Audit logging on privileged actions
- Separation of duties for production changes
Infrastructure
Hardened, monitored infrastructure
- Reputable cloud providers with strong physical security
- Network segmentation and private connectivity
- Web application firewall and DDoS protections
- Vulnerability scanning and patch management
- Immutable infrastructure and reviewed deployments
- Centralized logging with retention controls
Data Protection
How we store, access, and retain data
- Documented storage locations and data flows
- Access scoped to job function and need-to-know
- Retention windows tied to product and legal requirements
- Secure deletion procedures on request and at end-of-life
- Backups verified for integrity and recoverability
- Defense-in-depth across application, network, and host