Non-claims and transparency
This page does not claim SOC2, ISO, HIPAA, or GDPR certification status.
Only controls supported by product behavior and documentation are described.
Security
Security and trust controls in plain language.
A practical overview of controls currently in place for technical and non-technical stakeholders.
Operational controls
Trust posture based on implementation evidence.
Control checklist
- Workspace-scoped access controls with membership checks.
- API key protections (shown once) with authenticated request patterns.
- CSRF protections and browser security headers/CSP.
- Payment verification before paid entitlement activation.
- Webhook idempotency and audit tracing with request IDs.
Workspace access boundaries
API key handling rules
Billing verification controls
View implementation notes
Customer-facing SLA language and explicit data-retention windows should always be reviewed against the latest policy owner decisions.