Privacy-first Approach

We’re committed to the protection of customers’ data and maintain a high level of information security. We make it a priority to keep your data secure and prevent unauthorized access. We accomplish this by keeping privacy and security on the forefront of our mind when developing all of our products.


We undergo independent external audits and are certified SOC 2 Type 1 and SOC 2 Type 2 by AICPA. This is a testament to the competency of our internal controls put in place to safeguard customer data.


Our internal controls that safeguard customer data are designed correctly


Our system and controls have been tested for their effectiveness

ISO 27001-2022

Our information security management system can manage risks and identify weaknesses proactively


Infrastructure security

Data Encryption

We encrypt our customers’ data with TLS 1.2+ in transit and AES-256 at rest. Our administrative controls enforce protection at every level of the organization.

Customer Data Segregation

We’ve distinct controls in place to prevent data leakage. Development, Testing, and Production environments are all isolated to keep data where it belongs.

Firewall Controls

Subnet and security group rules are leveraged to control network traffic. All components that process your data operate in our private network inside our secure cloud platform. Application-level ingress and egress filtering are implemented to control inbound and outgoing traffic. Our servers and network ports are behind load balancers and a web application firewall.

Application Security

Security in Software Development & Deployment Process

We use secure SDLC processes, including threat modeling, design reviews, code reviews, SCA. Manual QA are implemented to keep the product free of bugs. We also leverage up-to-date and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF).

Penetration Testing

We actively work to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests on a routine basis.

Information Security Awareness & Training

Our employees complete mandatory annual training on a wide range of privacy and security topics. Training targets phishing, escalating issues, insider threats, and malware. It is also updated on a regular basis to stay up to date with industry security changes.

Access Controls

SSO Integration

We offer SSO integration with any SAML-based IdP.

Role/Permissions Based Access

Our customers can configure users and their respective permissions in any secure form they seek. We can assign privileges by role, department, and group as per requirements.

Audit Logging & Tracking

We maintain audit logs for actions taken by any user. This includes the date/time stamp, user, and the action taken.

Operational Security

Zero-Trust Model for Production Access

We carefully authenticate and authorize all users and devices before granting access to production resources. Security measures are consistently applied across the network.

Background Checks

We conduct background checks on all employees, vendors, and contractors who work with us or have any access to data.

Device Endpoint Security

Mobile Device Management (MDM) is configured to enforce security for all employee devices. Enterprise anti-malware is installed to provide alerts on potential viruses to prevent data leakage.

Vulnerability Reporting & Disclosure

Security is a top priority for us, and we continuously work with skilled security researchers and third party testers to identify weaknesses in our products and infrastructure. If you believe you have found a security vulnerability, please let us know right away by emailing us at We investigate all reports and do our best to quickly fix valid issues.

Terms of Service

Privacy Policy