Security
Security is designed in from the start — not bolted on at the end.
Encrypted connections
All traffic served exclusively over HTTPS (TLS 1.2+). Strict transport security is enforced — no unencrypted fallback, ever. API and inter-service traffic within our infrastructure is also encrypted.
Secure hosting
We run on enterprise cloud providers holding ISO 27001 and SOC 2 certifications. Physical and network security is managed and independently audited by our infrastructure partners.
Access control
Least-privilege access across all systems. Every admin action requires multi-factor authentication. Access logs are retained and reviewed regularly for anomalous activity.
Data protection
Data encrypted in transit and at rest. We collect only what is necessary, never share with data brokers, and securely delete data when no longer needed.
Found a vulnerability?
Report it privately before disclosure, give us time to remediate, and avoid accessing data that isn't yours. We acknowledge every report, keep you informed, and credit you if you wish.