Public · Trust center
Built for teams
How we handle your data, our security controls, and our ongoing compliance posture.
01 · Locality
tenant_id; Postgres row-level security policies prevent cross-tenant reads.02 · Encryption
03 · Identity
04 · Observability
Every authenticated API request is recorded with timestamp, tenant, user (or API key), method, path, status, and IP. Audit retention: 90 days hot + 1 year cold. Application logs retained 30 days.
05 · Resilience
Nightly logical Postgres backups, retained 30 days. Quarterly restore drill against a scratch environment.
06 · Vendors
| Vendor | Purpose | Attestation |
|---|---|---|
| Anthropic | LLM (agent answers) | SOC 2 Type II |
| OpenAI | Embeddings | SOC 2 Type II |
| Hetzner | Hosting | ISO 27001 |
| GitHub | Source control + PR-on-edit | SOC 2 Type II |
07 · Compliance
08 · Contact
For security issues, write to security@<DOMAIN>.
Last updated · 2026-05-15