
Security.

Security is foundational for an engineering system of record. Here's how we think about it — and what we'll send you on request.

Authentication & access

Password login uses bcrypt-hashed passwords, JWT sessions, and middleware-enforced route protection, so unauthenticated requests are rejected before any route handler runs. SSO/SCIM are available on Enterprise.

Encryption

TLS for data in transit. User-supplied LLM API keys are encrypted with AES-256 before they are stored. Database storage is encrypted at rest by the hosted provider (Neon Postgres).

Auditability

Every state-changing action writes an entry to an immutable ActivityLog, so you can reconstruct what happened to any artifact, by whom, and when.

Review-gated AI

AI suggestions enter a PENDING state. A human accepts or rejects each one before any domain record changes. No silent writes.

Tenant scoping

All queries are scoped to the caller's organization. Cross-tenant access requires explicit invitation and project-level membership.
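The scoping rule above, as an added example that is not the product's code: a data-access helper that takes the tenant from the verified session rather than from the request, always emits an organization_id predicate, refuses a caller-supplied organization_id filter, and whitelists identifiers because they cannot be bound as parameters. A second function decides cross-tenant project access from an accepted project-level membership. The column names, the membership-row shape and the Postgres-style $n placeholders are assumptions.

```javascript
// Added example: tenant scoping at the data-access layer. Not the product's
// code; organization_id / project_id, the membership-row shape and the $n
// placeholder style are assumptions for this demo.

// Identifiers cannot be parameterized, so constrain their shape instead.
const IDENT = /^[a-z_][a-z0-9_]*$/;

// ctx is the verified session (see the JWT claims), never request input.
// Returns the parameterized query plus an in-memory predicate used by the demo.
function buildScopedSelect(ctx, table, columns, filters = {}) {
  if (!ctx || typeof ctx.orgId !== "string" || ctx.orgId === "") throw new Error("no tenant in context");
  if (!IDENT.test(table) || !columns.length || !columns.every((c) => IDENT.test(c))) {
    throw new Error("bad identifier");
  }
  const clauses = [["organization_id", ctx.orgId]]; // always first, always present
  for (const [col, val] of Object.entries(filters)) {
    if (!IDENT.test(col)) throw new Error("bad identifier");
    if (col === "organization_id") throw new Error("tenant is fixed by the session, not by a filter");
    clauses.push([col, val]);
  }
  const params = clauses.map(([, v]) => v);
  const where = clauses.map(([c], i) => `${c} = $${i + 1}`).join(" AND ");
  return {
    text: `SELECT ${columns.join(", ")} FROM ${table} WHERE ${where}`,
    params,
    matches: (row) => clauses.every(([c, v]) => row[c] === v),
  };
}

// Cross-tenant access: a project in another organization is visible only
// through an accepted invitation recorded as project-level membership.
function canAccessProject(ctx, project, memberships) {
  if (project.orgId === ctx.orgId) return true;
  return memberships.some(
    (m) => m.userId === ctx.userId && m.projectId === project.id && m.status === "accepted",
  );
}

// Constructed demo: two tenants' rows in one table, one caller in org_A.
function demo() {
  const rows = [
    { id: "p1", organization_id: "org_A", name: "Alpha" },
    { id: "p2", organization_id: "org_B", name: "Bravo" },
    { id: "p3", organization_id: "org_A", name: "Charlie" },
  ];
  const ctx = { userId: "user_1", orgId: "org_A" };
  const one = buildScopedSelect(ctx, "projects", ["id", "name"], { id: "p3" });
  const all = buildScopedSelect(ctx, "projects", ["id", "name"]);
  let overrideBlocked = false;
  try { buildScopedSelect(ctx, "projects", ["id"], { organization_id: "org_B" }); } catch { overrideBlocked = true; }
  let injectionBlocked = false;
  try { buildScopedSelect(ctx, "projects; DROP TABLE projects", ["id"]); } catch { injectionBlocked = true; }
  const memberships = [{ userId: "user_1", projectId: "p2", status: "accepted" }];
  return {
    text: one.text,
    params: one.params,
    visible: rows.filter(all.matches).map((r) => r.id),
    overrideBlocked,
    injectionBlocked,
    invitedProject: canAccessProject(ctx, { id: "p2", orgId: "org_B" }, memberships),
    foreignProject: canAccessProject(ctx, { id: "p9", orgId: "org_B" }, memberships),
  };
}

module.exports = { buildScopedSelect, canAccessProject, demo };
```

The point of routing every read through one builder is that a missing WHERE clause becomes impossible rather than merely unlikely: a handler cannot construct a query without a tenant, and cannot widen the tenant by passing a filter.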

Responsible operations

Managed infrastructure (Vercel, Neon), least-privilege service accounts, dependency scanning, and patch hygiene as part of routine deploys.

Need a security questionnaire or our compliance status?

For vendor security reviews, SOC 2 status, penetration testing summaries, or incident response procedures, get in touch and we'll send the current pack.