Encryption
AES-256 at rest, TLS 1.3 in transit. Customer-managed keys (CMK) available on Enterprise.
- Per-tenant key isolation
- Hardware security modules (HSM)
- Key rotation policies
Security & ComplianceEnterprise-grade by default.
Enterprise-grade by default.
Audit-ready by design.
Built from the ground up for regulated industries. Every control, every log, every certification you need to sleep at night.
AES
AES-256 encryptionAt rest & in transitSSO
SSO & SCIMSAML, OIDC, directory syncEU
Regional data residencyUS, EU & APAC24/7
Always-on monitoringAnomaly detectionSecurity Architecture
Defense in depth, without the friction.
Six layers of protection — from transit encryption to tamper-evident audit trails — all transparent to your end users.
Identity & Access
Bring your own IdP with SAML, OIDC, and SCIM. Enforce MFA globally or per-role.
- SAML 2.0 · OIDC · SCIM 2.0
- Just-in-time provisioning
- Role-based + attribute-based
Audit Trails
Every access, edit, and permission change recorded. Tamper-evident and exportable.
- Immutable event log
- SIEM integration
- 7-year retention on Enterprise
Data Residency
Choose where your documents live. US, EU, and APAC regions available today.
- Regional tenancy
- Cross-region replication (opt-in)
- Data localization guarantees
Threat Detection
Anomaly detection on access patterns. Automatic lockouts on impossible travel.
- Internal monitoring
- Bug bounty program
- Periodic penetration tests
Governance
Policies for retention, legal hold, and DSR workflows — built into the platform.
- Document retention rules
- Legal hold & eDiscovery
- Right-to-erasure automation
99.99%
Enterprise uptime SLA
<15min
Critical incident response
0
Data breaches since launch
7yr
Audit log retention
Request our security package.
Security overview, DPA, architecture diagrams, and penetration test summary — available under NDA in minutes.