A summary of how we protect your data.
Every workspace runs in its own Docker container backed by a dedicated PostgreSQL database. No shared tables, no shared rows, no cross-customer queries.
All traffic is served over TLS 1.2+ using Cloudflare Origin Certificates with Full (Strict) mode. Database credentials are generated per-workspace and rotated when containers are recreated.
Signup requires email verification. Passwords are hashed with bcrypt. Admin sessions are JWT-based with short expirations. Rate limiting is applied to signup, login, and password-reset endpoints.
Nightly encrypted snapshots of every workspace database. You can trigger a manual backup and download a full export from the in-app Settings page.
All payment processing is handled by Stripe, which is PCI DSS Level 1 compliant. Card numbers never reach our servers.
Found something? Please email
[email protected] with a subject
prefix of [SECURITY]. We’ll acknowledge within one business day.