Security

Security is part of how we build. Here's the practical detail behind that — what we do today, in plain language.

Data Encryption

AES-256-GCM encryption at rest and TLS 1.3 for all data in transit.

Access Controls

Role-based access controls with multi-factor authentication and scoped API keys.

Privacy by Design

Selective disclosure, minimal data collection, and consent-based verification flows.

Security Practices

  • AES-256-GCM encryption at rest with per-tenant keys
  • TLS 1.3 encryption for all data in transit
  • Modern credential signing (Ed25519 / ECDSA P-256)
  • JWT-based authentication with token rotation
  • Input sanitization and XSS prevention
  • Parameterized queries for SQL injection prevention
  • HSTS, CSP, and X-Frame-Options security headers

Infrastructure

  • Cloud infrastructure with VPC isolation
  • Encrypted PostgreSQL with backups
  • Redis with AUTH and TLS encryption
  • Multi-tenant isolation with row-level security
  • Rate limiting and DDoS protection at the edge
  • Automated daily backups with retention policies
  • Health probes for container orchestration
  • Graceful shutdown with in-flight request draining

Security Questions?

We're happy to walk through our practices in detail.
