Tenant isolation in the database
Every query runs inside a session-pinned transaction enforced by PostgreSQL Row-Level Security, so the workspace boundary lives in the database — an application bug cannot read across tenants because the database itself refuses. The policy SQL is shared on request.
Source: SecurityImmutable audit log
Every privileged action is captured in an immutable, hash-chained audit log recording actor, IP, target, and a before/after diff. It is streamable to your SIEM so you keep an independent record of what happened in your workspace.
Source: SecurityEncryption everywhere
Data is encrypted at rest with AES-256-GCM on every Postgres branch, object store, and Redis namespace, and in transit with TLS 1.3 (HSTS preload, TLS 1.2 disabled). Tokens, signing keys, and PII columns get field-level encryption with keys in AWS KMS.
Source: SecuritySigned webhooks
Outbound webhooks for issue, project, and cycle events are signed so receivers can verify each request is authentic, with automatic retries and at-least-once delivery. Build integrations that trust the payload they receive.
Source: Developer webhooksSSO, SAML & SCIM
SAML 2.0 single sign-on plus SCIM 2.0 provisioning map your identity-provider directory groups straight to workspace roles, with automated deprovision on termination. Available on Enterprise.
Source: SecurityData residency & region pinning
Choose US-East or EU-West at workspace creation; the choice is permanent and enforced at the database, storage, AI gateway, and CDN edge. Cross-region replication is opt-in and gated by an admin-signed export that lands in the audit log.
Source: SecurityGDPR & DPA
A Data Processing Agreement is offered to every paid customer, with EU data residency available on the EU-West region. Self-serve workspace deletion cascades through every storage tier, including backups, to honor erasure requests.
Source: Data Processing AgreementSOC 2 Type II
Our Type II observation window is being established against the Security, Availability, and Confidentiality criteria, with continuous automated control monitoring. The report will be available to Business and Enterprise customers under NDA once attestation completes.
Source: SecurityIncident response & disclosure
We plan to commission third-party penetration testing and to run a coordinated vulnerability-disclosure program with rewards for verified findings at launch. Security incidents are handled by a defined response process.
Source: SecuritySub-processors & legal terms
Our infrastructure sub-processors (database, object storage, AI gateway, email, payments) are disclosed in the legal center alongside the Terms of Service, Privacy Policy, and security overview, so you know exactly who processes your data.
Source: Legal center