Security
Your data is protected by enterprise-grade security measures.
Encryption
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. No unencrypted data ever leaves our infrastructure.
EU Data Residency
All data is stored and processed within the European Union. Database, file storage, and AI inference run exclusively in EU regions.
Tenant Isolation
Each tenant's data is isolated using Row-Level Security (RLS) in PostgreSQL. Defense-in-depth with app-level filtering and database-level enforcement.
Access Control
Authentication via RS256 JWT with JWKS key rotation. Each session is scoped to a specific tenant with strict access boundaries.
RAG Security
Uploaded documents are stored in encrypted R2 buckets. Automatic chunking and embedding with secure processing pipeline. Documents deleted within 15 minutes of request.
Infrastructure
Built on Cloudflare's global edge network for DDoS protection and performance. Serverless architecture eliminates traditional server vulnerabilities.
Audit Trail
All data operations are logged in an immutable audit trail. Deletion events, retention cleanups, and access patterns are fully traceable.
Incident Response
Automated breach detection with 72-hour notification to affected customers. Regular security assessments and vulnerability management.