Security Posture

In Transit: Customer-facing traffic is expected to use encrypted transport.

At Rest: Where customer data is persisted, we design for encrypted storage and controlled access.

Scope: Data handling depends on the product and deployment model being evaluated.

Least Privilege: We aim to keep internal access limited to the systems required for a given responsibility.

Authentication: Internal systems are expected to use strong authentication and account review practices.

Auditability: Critical administrative actions are designed to be reviewable.

Change Review: Product changes are expected to go through review before release.

Dependency Hygiene: We monitor dependencies and update them as part of normal maintenance.

Continuous Improvement: Security posture evolves alongside the product and is reviewed during customer evaluations where relevant.