Governance

Policies

Summaries of the policies that govern our security program. The full, versioned documents are available on request under NDA.

Information Security

Our top-level security program, roles, and responsibilities.

Access Control

How access is granted, reviewed, least-privileged, and revoked.

Change Management

How code and infrastructure changes are reviewed, tested, and released.

Secure Development

Security practices across the software development lifecycle.

Incident Response

How we detect, escalate, communicate, and learn from incidents.

Business Continuity & DR

How we keep the service available and recover from disruption.

Vendor Management

How we evaluate and monitor the subprocessors we rely on.

Risk Assessment

How we identify, rate, and treat security risks.

Data Classification & Handling

How data is classified and protected by sensitivity.

Data Retention & Disposal

How long we keep data and how we securely dispose of it.

Acceptable Use

Rules for using company systems and handling data.

Encryption & Key Management

How we encrypt data and manage cryptographic keys.

Logging & Monitoring

What we log, how we monitor, and how long we retain it.

Availability & Backup

Our backup, recovery, and availability commitments.

Confidentiality

How we protect information designated as confidential.

Need the full documents?

The complete policy documents are shared under NDA alongside our SOC 2 report. Request access.