Skip to content

Security

Our commitments and controls to keep your data safe.

Last updated: 2026-04-27

Infrastructure & Access

  • Cloud providers with industry‑standard physical and network security.
  • Least‑privilege access; MFA enforced for all accounts.
  • Isolated environments (dev/stage/prod) and segmented VPCs where applicable.

Data Protection

  • Encryption in transit (TLS 1.2+) and at rest using provider‑managed keys.
  • Backups with tested restore procedures and retention by environment.
  • Secure secrets management (no credentials in code or tickets).

Secure SDLC

  • Code review, CI checks, and dependency scanning.
  • Static analysis and container image scanning where relevant.
  • Change management with approvals and audit trails.

Incident Response

  • Documented runbooks with on‑call escalation.
  • Client notification and root‑cause analysis for material incidents.

Responsible AI

When using AI features, we follow data minimization, human‑in‑the‑loop, and evaluation practices. We respect data residency and opt‑out mechanisms for model training when available.

Contact

Security questions or disclosures: security{{ parse_url(config('app.url') ?? request()->getSchemeAndHttpHost(), PHP_URL_HOST) }}