HVAC·AI

Security

We take the security of your business data seriously. Here's how we protect it.

Encryption

Data is encrypted with AES-256 at rest and TLS 1.3 in transit. Database credentials are never exposed to application processes.

Authentication

Short-lived JWT access tokens (15 min) with secure HTTP-only refresh tokens (7 days). CSRF tokens required on all state-changing requests.

Access control

Least-privilege role-based access across all resources. Tenant data is fully isolated — one tenant can never access another's data.

Infrastructure

Hosted on enterprise cloud infrastructure with automated backups, DDoS protection, and a 99.9% uptime SLA target.

Incident response

Security incidents are disclosed to affected tenants within 72 hours of discovery. We maintain a formal incident response playbook.

Found a vulnerability?

Please disclose responsibly. We review all reports and aim to respond within 5 business days.

security@hvacai.com