Security

All traffic to our site and APIs is encrypted with TLS. Persistent records are stored in managed infrastructure with encryption at rest and access controls.

We never store third-party API keys or secrets in client code. Integration credentials supplied during an engagement are kept in a secrets manager and scoped to the minimum access required.

Automations are configured with the narrowest set of permissions needed to run a given workflow, and access is revoked when an engagement ends.

Found something? We appreciate responsible disclosure. Email us via the Contact page with details and we will respond promptly.