All data is encrypted in transit using TLS 1.2+ (HTTPS). Data at rest is encrypted using AES-256 at the database level.
Your data is completely isolated from other organizations on the platform. This isn’t just application-level filtering — isolation is enforced at the database level through row-level security policies. Every query is scoped to your organization automatically. There is no way for one organization to access another’s data, even in the event of an application-level bug.
Access to your data requires:
API keys are similarly scoped — a key can only access data belonging to the organization that created it, and only within the scopes assigned to it.
All significant actions are recorded in an append-only audit log. This includes data creation, updates, deletions, imports, and administrative actions. Audit logs are retained for 7 years for compliance purposes.