Security & Compliance
Enterprise-Grade Security
Security and compliance are a foundation, not an afterthought. We're undergoing a SOC 2 Type II audit, with completion expected in Q3 2026, and every layer of our infrastructure is designed to meet enterprise security standards.
Security Measures
Comprehensive security controls protect your data at every level.
SOC 2 Type II Audit In Progress
We're undergoing a SOC 2 Type II audit, with completion expected in Q3 2026. Our security controls are being independently assessed against the Trust Services Criteria.
Data Encryption
256-bit encryption for data in transit (TLS 1.3) and at rest (AES-256). All API keys and credentials are encrypted.
Access Controls & RBAC
Role-based access control with granular permissions. Multi-factor authentication required for all administrative access.
Audit Logs & Monitoring
Every query, source, and output is logged and exportable to your own compliance tooling. Continuous monitoring across encryption, access controls, and vendor management.
Data Residency Options
Data stored in regions you specify. VPC and on-premise deployment options are available for organizations with strict data residency requirements.
Compliance Status
SOC 2 Type II is our current compliance focus — we're not pursuing ISO 27001 or other frameworks at this time.
SOC 2 Type II
Audit in progress
Security, availability, and confidentiality controls — audit expected to complete Q3 2026.
Security Architecture
A multi-layered security architecture protects your data from infrastructure to application level.
Infrastructure Security
- Infrastructure undergoing a SOC 2 Type II audit
- Regular security patches and updates
- 24/7 security monitoring and threat detection
- DDoS protection and intrusion detection
Application Security
- Role-based access control (RBAC) with granular permissions
- Multi-factor authentication (MFA) for all admin access
- API rate limiting and request validation
- Regular security audits and penetration testing
Data Protection
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for all data at rest
- Encrypted storage for API keys and credentials
- PII redaction and field-level data controls
Access Our Trust Center
Our full security documentation, audit reports, and policies are available through our Trust Center. Access requires signing an NDA — request access below and you'll be notified once it's approved.
Request Trust Center Access →Give us your twenty hardest questions.
We'll demo on your SKUs, run your evals, and show citations for every answer.
- Real Examples
- Working Demo
- Your Data