How we keep customer data protected.

Security & privacy posture

Built-in safeguards

• Transport & delivery: portal traffic sits behind Cloudflare with TLS 1.2+, HSTS, and signed download links that expire in 72 hours.
• Data isolation: Postgres Row-Level Security scopes every record to its owner, and uploads/reports stay in private object storage with signed URLs.
• Operational controls: secrets live in managed stores, admin actions are logged, and we maintain an incident response playbook for detection, isolation, and notifications.
• Privacy operations: GDPR duties are covered via our privacy policy, DPA templates, and data-subject workflows so you always know how data is processed.