Security & Trust

Clear controls. Continuous monitoring. Fast response.

2,847 corridors analyzed today
SOC 2 Type IISO 2700199.95% uptime target

Program overview

Encryption posture

TLS 1.2+ in transit, AES-256 at rest, key rotation via KMS/HSM.

Access control

SSO with SAML/OIDC, MFA, RBAC, SCIM provisioning.

Monitoring

Managed SIEM, alerting, log retention policies.

Audit trails

Immutable decision logs and evidence artifacts.

Data handling

Data residency

Regions selectable. Backups stay in-region.

Customer data access

By exception only. Just-in-time with approvals.

Retention

Configurable by tenant with legal hold support.

Secrets management

KMS/HSM-backed keys with rotation and audit.

Assurance and testing

Independent pen tests

Annual external tests and quarterly re-tests. Exec summaries under NDA.

Learn more

Secure SDLC

Threat modeling, SAST/DAST, dependency scanning, code review.

Learn more

Vulnerability disclosure

Coordinated disclosure policy. Rewards available for critical issues.

Learn more

Compliance roadmap

SOC 2 Type I

Audit underway. Deliverable ETA quarter-bound.

SOC 2 Type II

Control period after Type I. Customer reports under NDA.

ISO 27001

ISMS established. Certification planned post-SOC2.

Documents

Security one-pager

Summary of controls and posture.

Learn more

Sub-processor list

Vendors and purposes with DPAs.

Learn more

Status page

Live uptime and incident history.

Learn more

security.txt

Contact method for researchers.

Learn more

Pen-test summary

External firms conduct network and application testing at least annually, with remediation tracked to closure. Executive summaries and remediation status are available under NDA.

Secure SDLC

  • Threat modeling for high-risk changes
  • Mandatory reviews and protected branches
  • SAST/DAST and dependency scanning in CI
  • Secrets detection and pre-commit hooks

Vulnerability disclosure

We encourage responsible disclosure. Do not test with customer data. Report via the button above. We confirm receipt within one business day and provide status updates until resolution.

Need deeper documentation?

Request the latest one-pager and pen-test summary under NDA.

View status