Security
Your decisions are safe with us
We take security seriously. Here is how we protect your data at every level.
Security practices
What we do today to keep your data safe.
Encryption everywhere
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database backups are encrypted by default.
Authentication & access control
Secure email/password authentication with bcrypt hashing. Role-based access control ensures users only see what they should.
Infrastructure security
Hosted on modern cloud infrastructure with automated patching, network isolation, and continuous monitoring.
Data handling
Your decision data is yours. We do not sell or share your data with third parties. Data retention follows your account lifecycle.
API security
All API endpoints require authentication. Rate limiting and quota enforcement protect against abuse.
Team permissions
Granular team invitation controls let you manage who has access to your organization's decision data.
Security roadmap
Initiatives we are actively working toward.
SOC 2 Type II
Planned
We are working toward SOC 2 Type II compliance to provide independent assurance of our security controls.
GDPR compliance program
Planned
A formal GDPR compliance program is on our roadmap to support our European customers.
Single Sign-On (SSO)
Planned
Enterprise SSO integration via SAML and OIDC for seamless, centralized authentication.
Have a security question?
We are happy to answer questions about our security practices. Reach out anytime.