Security & trust
Built for teams that need governance, not guesswork.
Data encryption
All data in transit is protected with TLS 1.2+. Data at rest is encrypted on MongoDB Atlas and OCI Object Storage.
Tenant isolation
Organization data is scoped by org_id on every API request. Cross-tenant access is blocked at the application layer with automated isolation tests.
Authentication
Google OAuth for MVP. OIDC/SAML SSO available on Business and Enterprise plans (roadmap).
Audit & activity
Organization admin actions are logged to an append-only activity stream. Full SIEM export on Enterprise.
Subprocessors
Stripe (payments), Cloudflare (CDN/hosting), MongoDB Atlas (database), Oracle Cloud (media storage), Google (OAuth).
Compliance roadmap
SOC 2 Type I program planned for Phase 3. We provide security questionnaires and DPA templates for enterprise procurement.