Trust & security
Safe by default, transparent by design.
Approval gates, spend caps and an immutable audit trail on everything that matters — plus the certifications enterprise buyers expect.
Certifications
Audited and compliant
The attestations and standards we hold so your security review moves fast.
SOC 2 Type II
Independently audited security, availability and confidentiality controls.
GDPR / UK-GDPR
Full data-subject rights, DPA available, lawful processing by design.
EU data residency
Process and store data in EU regions on request.
Controls
What protects your workspace
Every worker and integration is scoped to the minimum it needs — and logs what it did.
SSO & RBAC
SAML/OIDC single sign-on with role-based access control.
Audit logs
Immutable, append-only logs of every action, exportable on demand.
Encryption
AES-256 at rest, TLS 1.2+ in transit, scoped secrets.
Approval gates
Destructive or outward-facing actions require explicit sign-off.
Spend caps
Hard per-workspace limits and alert thresholds you control.
Least privilege
Every worker and integration is scoped to the minimum it needs.
Subprocessors
Who we rely on
The infrastructure providers in our supply chain, and what each one handles.
| Subprocessor | Purpose |
|---|---|
| AWS (eu-north-1) | Infrastructure & compute |
| Vercel | Edge hosting & deploys |
| Supabase | Application database |
| Clerk | Authentication |
| Resend | Transactional email |
Reliability
Built to stay up
trailing-90-day uptime
Tell us the outcome. We handle the rest.
Describe what you want to be true. The work gets done — and you see exactly what happened, step by step.