Security for the security platform
We build security products. We hold ourselves to a higher standard. Here's exactly how we protect the platform and your data — no marketing language, just facts.
Certifications
Independently verified
Trust isn't a claim — it's audited. Our security practices are independently verified by third-party auditors on a continuous basis.
SOC 2 Type II
In Progress. Independent audit of security controls, availability, and confidentiality. Audit in progress — report available upon completion.
ISO 27001
In Progress. Information security management system certification covering the entire platform. Certification in progress.
HIPAA
Compliant. BAA available for healthcare organizations. Full HIPAA compliance controls implemented.
GDPR
Compliant. Full data subject rights support. EU data residency option. Privacy by design architecture.
Security Practices
How we protect the platform
Our security posture is not a checkbox exercise. It's how we build.
Encryption Everywhere
AES-256 encryption at rest. TLS 1.3 in transit. Customer-managed keys (BYOK) available for Enterprise. Your data is encrypted at every stage of its lifecycle.
Authentication & Access
Multi-factor authentication required for all accounts. SAML/OIDC SSO integration. Role-based access control with principle of least privilege enforced at the API level.
Infrastructure Security
SOC 2 Type II audited data centers. Network segmentation, WAF protection, DDoS mitigation, and real-time intrusion detection. Infrastructure hardened per CIS benchmarks.
Data Isolation
Strict tenant isolation at the data layer. No shared database tables, no shared compute for intelligence models. Your data is architecturally separated from all other customers.
Monitoring & Detection
24/7 security monitoring of all platform infrastructure. Automated anomaly detection, alerting, and incident response. We use our own products to protect the platform.
Employee Security
Background checks on all employees. Security awareness training. Least-privilege access to production systems. Hardware security keys required for all internal access.
Data Handling
Your data, your control
Complete transparency about what data we collect, how we use it, and what controls you have. No surprises.
What data we collect
- Security events and signals you explicitly send to the platform
- User interaction data (actions within the platform) for intelligence improvement
- Anonymized aggregate patterns (opt-in) for network intelligence
- Account and billing information necessary for service delivery
What we never do
- Sell your data to third parties — ever
- Use your identifiable data to train models for other customers
- Access your data without explicit authorization or legal requirement
- Retain data beyond your configured retention period
- Share your data with advertising networks or data brokers
Your controls
- Data export: full export of all your data in standard formats at any time
- Data deletion: request complete deletion of all your data
- Retention policies: configure per-data-type retention periods
- Network opt-out: disable contribution to anonymized network intelligence
- Audit logs: full visibility into who accessed what and when
Incident Response
When something goes wrong, speed matters
We operate under a strict incident response protocol with defined SLAs for detection, containment, notification, and disclosure. Our incident response team is staffed 24/7 with senior security engineers.
We believe in transparency during incidents. Affected customers are notified promptly with honest, detailed communication — not lawyered-up press releases days after the fact.
- 0-5 min: Automated detection and alerting
- 5-15 min: Security team assessment and containment
- 15-60 min: Root cause analysis and remediation
- 1-4 hrs: Customer notification (if applicable)
- 24-72 hrs: Post-incident review and disclosure
Responsible Disclosure
Found a security vulnerability? We take every report seriously and respond within 24 hours. We do not pursue legal action against researchers who follow our responsible disclosure policy.
Report a Vulnerability
Security you can verify
Request our SOC 2 Type II report, review our security practices, and talk to our security team directly.