Trust Services Criteria

Our security controls

How we protect your data across the Security, Availability, and Confidentiality criteria. Status is shown honestly — we don’t list a control as in place until we can evidence it for an audit.

Status:In placeIn progressPlanned

Access control

AC-01

Tenant isolation

Every record is scoped to an account and isolated with Postgres row-level security, so one customer can never read another customer’s metadata.

SecurityConfidentiality
In place
AC-02

Role-based least privilege

Roles and granular permissions gate every action, with a read-only viewer role as the fail-safe default. Writes require an explicit permission.

Security
In place
AC-03

Multi-factor authentication

MFA is available to every user and required for administrative access. Sign-in and consent surfaces are protected against clickjacking.

Security
In place
AC-04

SSO & automated provisioning

Enterprise SSO (SAML/OIDC) and SCIM directory sync are available. Deprovisioning always revokes access, even when other toggles are off.

Security
In place

Encryption

EN-01

Encryption at rest

Third-party OAuth tokens are encrypted with AES-256-GCM and stored in an isolated database schema that is not exposed by our public API.

SecurityConfidentiality
In place
EN-02

Credential hashing

API keys are stored only as a salted hash and shown in full exactly once, at creation.

Security
In place
EN-03

Encryption in transit

All traffic is served over TLS, with HTTP Strict Transport Security enforced in production.

Security
In place

Data handling

CF-01

Metadata-only access

We read Salesforce metadata through a strict allowlist that structurally cannot query the contents of your records.

Confidentiality
In place
CF-02

Data classification & retention

Customer metadata is retained only while an org is connected and deleted or de-identified on disconnect, in line with our Data Retention policy.

Confidentiality
In progress

Network security

NW-01

Edge protection & rate limiting

A managed web application firewall and per-IP rate limits guard public endpoints, backed by a baseline set of security response headers.

Security
In place
NW-02

Webhook authenticity

Every inbound webhook (billing, identity, database, integrations) is verified by cryptographic signature before it is processed.

Security
In place

Logging & monitoring

LM-01

Audit logging

Security-relevant events and schema changes are recorded in append-only logs for accountability and evidence.

Security
In place
LM-02

Error monitoring & alerting

Application errors are captured and alerted on so issues are detected and triaged quickly.

SecurityAvailability
In place

Change management

CM-01

Reviewed, tested change control

Code and database changes flow through version control with automated type, lint, and schema-drift checks before release.

Security
In progress
VM-01

Vulnerability management

Dependencies are kept current automatically, and code is scanned for secrets and known vulnerabilities in the pipeline.

Security
In progress

Vendor management

VR-01

Subprocessor due diligence

Each subprocessor is reviewed for security posture, and its compliance report and data-processing agreement are kept on file.

SecurityConfidentiality
In progress

Availability

AV-01

Automated backups

The production database is backed up automatically with point-in-time recovery.

Availability
In progress
AV-02

Disaster recovery testing

A documented recovery runbook is periodically tested by restoring from backup and measuring recovery objectives.

Availability
In progress
AV-03

Health & status monitoring

System health is continuously monitored, with a public status page for real-time and historical availability.

Availability
In progress

Governance

IR-01

Incident response

A documented incident-response process defines detection, escalation, customer notification, and post-incident review.

SecurityAvailability
In progress
RA-01

Risk assessment

Security risks are identified, rated, and tracked to treatment in a maintained risk register, reviewed at least annually.

Security
In progress