Security
Security is built into our development lifecycle. We align to widely adopted standards and keep defenses layered across the application, infrastructure, and operational processes.
Application Security
We design controls to meet the core objectives of the OWASP Application Security Verification Standard (ASVS) Level 2, covering authentication, session management, access control, input handling, logging, and cryptography.
Identity & Authentication
Passwords are screened against breach corpora. We allow paste and password managers, and we don’t enforce arbitrary periodic rotation absent risk indicators. MFA support is available for administrative accounts.
Transport & Encryption
TLS 1.2+ is enforced in transit. Data at rest uses strong, modern encryption. Keys and secrets are rotated regularly and stored using cloud‑native secret managers.
Monitoring & Incident Response
We collect structured logs, alerts, and metrics with minimal retained content. We maintain runbooks and target rapid detection, triage, and communication SLAs.
Secure Development
Changes undergo review and automated checks. We avoid logging sensitive data, isolate secrets, and test critical paths. Third‑party libraries are monitored for advisories.
Framework Alignment
Controls map to ISO/IEC 27001:2022 themes (organizational, people, physical, technological). For customers who require it, we align our control descriptions to the SOC 2 Trust Services Criteria and can share a formal report when available.