Trust Center

Built like a bank.
Priced like SaaS.

We protect your infrastructure — so we hold ourselves to the standards we'd demand of any vendor handling our own. Audited, certified, transparent.

0%
Uptime SLA
0
Threats blocked / day
0.00
Compliance certs
0.00
Customer data breaches
Audited & Certified

Real certifications. Verifiable.

Reports available under NDA. Email [email protected] to request.

SOC 2 Type II
AICPA
CertifiedAug 2026
ISO 27001:2022
BSI
CertifiedNov 2026
GDPR
EU
CompliantContinuous
CCPA
California AG
CompliantContinuous
HIPAA
HHS
BAA AvailableOn request
PCI DSS
PCI Council
Level 1Apr 2026
How we protect you

Six pillars. Zero compromises.

Encryption everywhere

  • AES-256 at rest, TLS 1.3 in transit
  • Customer-managed encryption keys (Enterprise)
  • Per-tenant data isolation
  • Encrypted database backups, hourly

Network & infrastructure

  • Private VPC per region, no shared compute
  • DDoS protection by Cloudflare Magic Transit
  • WAF rules tuned weekly against OWASP Top 10
  • Bastion hosts with hardware key MFA only

Access & identity

  • SSO via SAML 2.0 + OIDC (Okta, Azure AD, Google)
  • Mandatory hardware key (YubiKey) for all staff
  • Just-in-time access with audit trail
  • Quarterly access reviews, automated revocation

Monitoring & detection

  • 24/7 SOC monitoring across all production systems
  • Anomaly detection on every privileged action
  • Automatic intrusion response (90s containment)
  • Tamper-evident audit logs, 7-year retention

Data residency & sovereignty

  • Choose your region: US, EU, UAE, Singapore
  • Data never crosses regional boundaries
  • Right to delete, fully automated (24h max)
  • Full data export anytime — no lock-in

Incident response

  • Documented runbooks for 47 incident types
  • Customer notification within 1 hour of detection
  • Public post-mortems for any P1 incident
  • Pre-engaged forensics partner (Mandiant)
Responsible disclosure

Find a bug? Get paid.

Our bug bounty has paid out $284,000 across 412 valid reports since 2024. We respond to triage within 6 hours, every time.

No NDAs, no legal threats — ever
90-day disclosure timeline (negotiable)
Public hall of fame + bonus for first-of-kind bugs
Direct line to engineering — no security theater
Report a vulnerability

Bounty tiers

Critical$5,000 – $25,000
High$1,500 – $5,000
Medium$500 – $1,500
Low$100 – $500
$284,000
paid since 2024

Need our SOC 2 report or DPA?

Available under NDA in 24 hours. We make procurement painless.

Request reports View live status