Trust & Security
A public mirror of the in-app Trust Center. The same audit-bundle verifier that auditors use is embedded on the home page — try it.
Security posture
- SOC 2 Type IIIn observation (Vanta) — report Q3 2026
- Penetration testScheduled — Cure53, week 14
- Encryption at restAES-256-GCM via envelope encryption
- Encryption in transitTLS 1.3 only
- SSOSAML / OIDC via WorkOS — 40+ identity providers
- MFATOTP enforced for admin & compliance roles
- Audit chainHMAC-SHA256, hash-chained, Merkle-anchored to S3 Object Lock
- Key rotationActive rotation procedure with historical-row verification
Subprocessors
| Vendor | Purpose | Region |
|---|---|---|
| AWS | Compute, storage, KMS, S3 Object Lock | USA / EU |
| WorkOS | SSO / SAML / OIDC | USA |
| Stripe | Billing | USA |
| Vanta | SOC 2 evidence collection | USA |
| Better Stack | Status page + ops uptime monitoring | USA |
| Anthropic / OpenAI / Groq | LLM inference (per tenant choice) | USA |