Security and data use

Customers upload real operating evidence. Our brand promise is proof — so security and truthfulness are product requirements, not footnotes.

Current assurance status

Status as of July 2026. We publish exact state — not implied certifications.

ControlStatus (as of July 2026)
Encryption in transit (TLS)In place via hosting (TLS for app traffic)
Encryption at restIn place via managed hosting/provider defaults
Access control & audit loggingIn place for customer workspaces (role-based access)
Penetration testingIn planning — not yet scheduled as a recurring independent programme
SOC 2 Type I / IINot started as a completed audit; readiness work is planned. Report available under NDA when ready
DPA / subprocessors listAvailable on request
Incident contact[email protected] (subject: Security diligence)

We do not claim completed SOC 2 or “regular penetration testing” unless dated evidence exists. Ask for the current package: [email protected].

Key controls

Assessment data use

What we will not claim

We will not publish synthetic public metrics, unqualified ROI, or integration status that has not passed production authentication and data-quality tests.

Contact

Security questionnaire, DPA, or current SOC 2 / pen-test package:
[email protected] (subject: Security diligence)