Enterprise-grade security protecting your workspace and data.
Our security architecture is designed to protect your data at every layer. From infrastructure to application, we implement defense-in-depth strategies that meet the requirements of the most security-conscious organizations.

| Control | Implementation |
|---|---|
| Cloud Provider | Hosted on enterprise cloud infrastructure with SOC 2 certification |
| Data Centers | Geographically distributed with physical security controls |
| Network Security | Virtual private clouds with network segmentation |
| DDoS Protection | Enterprise-grade protection against distributed attacks |
| Firewall | Web application firewall with threat intelligence |

| Layer | Standard | Details |
|---|---|---|
| At Rest | AES-256 | All stored data encrypted using AES-256 via cloud provider |
| In Transit | TLS 1.3 | All connections secured with TLS 1.2+ |
| Key Management | Cloud-managed | Encryption keys managed by cloud infrastructure (Amazon Web Services) |
| Database | Encrypted | All database storage encrypted at rest |
| Backups | Encrypted | All backups encrypted by cloud infrastructure |

| Feature | Description |
|---|---|
| Authentication | Email/password, social login (Google, Microsoft), passwordless passkeys |
| Multi-Factor Auth | TOTP authenticator apps and backup codes |
| Session Management | Secure session handling with automatic timeouts |
| Role-Based Access | Granular permissions at workspace, team, and resource levels |
| API Security | Session-based authentication with secure tokens |

| Practice | Implementation |
|---|---|
| Secure Development | Security-focused SDLC with code reviews |
| Dependency Scanning | Automated vulnerability scanning of dependencies |
| Static Analysis | Code analysis for security vulnerabilities |
| Penetration Testing | Annual third-party penetration tests |

| Capability | Details |
|---|---|
| Audit Logs | Comprehensive logs of all user and admin actions |
| Security Monitoring | 24/7 automated threat detection |
| Alerting | Real-time alerts for suspicious activity |
| Log Retention | Audit logs retained for compliance requirements |
| SIEM Integration | Export logs to your SIEM solution |

| Phase | Description |
|---|---|
| Detection | Automated detection with 24/7 monitoring |
| Triage | Severity assessment and team mobilization |
| Containment | Immediate actions to limit impact |
| Remediation | Root cause analysis and fix deployment |
| Communication | Timely notification to affected customers |
| Post-Incident | Review and process improvement |

| Measure | Details |
|---|---|
| Backups | Automated daily backups with two providers; two locations; independent clouds |
| Redundancy | Multi-region deployment for high availability |
| Disaster Recovery | Documented DR procedures with regular testing |
| RTO/RPO | Recovery Time Objective: 4 hours, Recovery Point Objective: 24 hours |
| Uptime SLA | 99.5% uptime guarantee* |

\* Enterprise plans only.

| Certification | Status | Description |
|---|---|---|
| SOC 2 Type II | In progress | Working toward independent security audit |
| ISO 27001 | In progress | Working toward independent security audit |
| CSA STAR | In progress | Cloud security best practices |

We welcome responsible security research. If you discover a vulnerability:

| Step | Action |
|---|---|
| 1 | Email [email protected] with details |
| 2 | Include steps to reproduce the issue |
| 3 | Allow 90 days for remediation before disclosure |
| 4 | We'll acknowledge receipt within 24 hours |