Security

We take the security of your data seriously. This is a draft pending review.

Data protection

• Data is transmitted over encrypted (TLS) connections.
• Sensitive third-party credentials are encrypted at rest using authenticated encryption (AES-256-GCM).
• Access to production systems is restricted and authenticated.

Sub-processors

We use vetted vendors for hosting, AI processing, payments, and email. See our Privacy Policy for the current list.

Reporting a vulnerability

If you believe you have found a security vulnerability, please report it responsibly to [email protected]. We appreciate coordinated disclosure and will work to address valid reports promptly.