Security

Enterprise-grade data protection for your management data.

Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.2+). Integration credentials stored server-side, never exposed to the browser.

Data Isolation

Row Level Security enforces strict organization isolation at the database level. No cross-tenant data access is possible.

Access Control

Role-based permissions (owner, admin, manager). Comprehensive audit logging of all security-relevant actions.

AI Data Handling

Minimal data sent to AI providers. No customer data used for model training. AI features are optional and can be disabled.

Integration Security

OAuth 2.0 with minimal scopes. Read-only calendar access. Slack signature verification. All API calls server-side only.

Compliance

SOC 2 Trust Services Criteria mapped. GDPR-ready with configurable data retention, right to erasure, and data export.

Security documentation

We provide a comprehensive security overview covering architecture, data flows, encryption, access control, audit logging, third-party services, incident response, SOC 2 control mapping, and GDPR considerations.