Compliance
SOC 2 Type II
GDPR
ISO 42001:2023
ISO 27001:2022
HIPAA
Controls
Overview
Our security program covers organizational, technical, and operational controls designed to protect customer and company data. We align with recognized frameworks and continuously improve our posture through assessments, monitoring, and training. The sections below summarize how we approach application security, data protection, access, endpoints, networks, corporate practices, third-party signals, infrastructure, reporting, and product-level safeguards.
App Security
How we secure the application lifecycle: scanning, engineering practices, and edge protection.
Code Analysis
Code Analysis is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Secure Development Practices
Secure Development Practices are documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Web Application Firewall
Web Application Firewall is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Data Security
Monitoring, redundancy, and encryption for organizational and customer data.
Access Monitoring
Access Monitoring is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Backups
Backups are documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Encryption
Encryption is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Access Control
Governance around who accesses data and systems and how activity is audited.
Data Access
Data Access is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Logging
Logging is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Password Security
Password Security is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Endpoint Security
Baseline protection on devices accessing company systems.
Disk Encryption
Disk Encryption is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
MDM
MDM is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Threat Detection
Threat Detection is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Network Security
Segmentation, monitoring, and resilient network architecture.
Real time security and events management
Real time security and events management is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Zero Trust
Zero Trust is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Corporate Security
People-centric controls: phishing defense, readiness, and response.
Email protection
Email protection is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Employee Training
Employee Training is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Incident Response
Incident Response is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Security Grades
External attestations of our public-facing security posture.
CryptCheck
CryptCheck is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
HSTS Preload List
HSTS Preload List is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
ImmuniWeb
ImmuniWeb is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Infrastructure
Cloud posture, denial-of-service protection, and operational continuity.
Cloud Infrastructure Provider
Cloud Infrastructure Provider is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Anti DDoS
Anti DDoS is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Reports
Artifacts we maintain for assurance: testing, diagrams, and certification evidence.
Pen Test Report
Pen Test Report is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Architecture Diagram
Architecture Diagram is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Certifications
Certifications are documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Product Security
Capabilities inside the product: audit trails, integrations, and security contact.
Audit Logging
Audit Logging is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Integrations
Integrations are documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Security Contact
Security Contact is documented and reviewed as part of our security and compliance program, aligned with applicable standards and internal policies.
Subprocessors
- OpenAI • Commercial vendor, SaaS
  - Corporate Location: United States
  - Nature and Purpose of Processing: Generative AI services provider for intelligence product features
  - Categories of data (including personal): Personal data contained in user account information and text or files created by customer and stored in Applicable Cloud Products
  - Location of Processing: United States
- AWS • PaaS
  - Corporate Location: United States
  - Nature and Purpose of Processing: Cloud Infrastructure for our apps and services
  - Categories of data (including personal): Personal data contained in user account information and text or files created by customer and stored in Applicable Cloud Products
  - Location of Processing: EEA (Sweden, Ireland and Germany), UK, Canada, Australia, Brazil, Singapore, South Korea, USA, India, Japan
- Microsoft • IaaS
  - Corporate Location: United States
  - Nature and Purpose of Processing: Cloud hosting provider
  - Categories of data (including personal): Personal data contained in user account information and text or files created by customer and stored in Applicable Cloud Products
  - Location of Processing: United States, Australia, Netherlands
