Security & Trust

Enterprise-grade security, built in

Your data is your data. We protect it with encryption, strict access controls, and transparent practices. Not paywalled behind an enterprise add-on.

TLS 1.2+
AES-256 at rest
SSO / SAML
RBAC + RLS
Version history
Data residency

Infrastructure

  • Hosted on AWS with multi-AZ deployments across US regions for high availability
  • Cloudflare edge network in front of all traffic with TLS termination, automatic HTTPS, and certificate management at 300+ global PoPs
  • Cloudflare WAF with managed rulesets to block SQL injection, XSS, and OWASP Top 10 threats before they reach origin servers
  • Cloudflare DDoS mitigation (L3/L4/L7): always-on, automatic, with unlimited unmetered protection
  • Cloudflare Bot Management to filter malicious automated traffic, credential stuffing, and scraping
  • TLS 1.2+ encryption for all data in transit, end-to-end from client to Cloudflare to origin, with Cloudflare's Full (strict) SSL mode
  • AES-256 encryption at rest for databases, file storage, and backups
  • Automated, encrypted backups with point-in-time recovery and cross-region replication
  • VPC isolation with private subnets, security groups, and strict firewall rules on AWS
  • Cloudflare firewall rules for IP allowlisting, geo-blocking, rate limiting, and request validation
  • AWS Shield for additional infrastructure-layer DDoS protection

Authentication & Access

  • SSO / SAML integration for enterprise identity providers (Okta, Azure AD, Google)
  • Multi-factor authentication (2FA) with TOTP authenticator apps
  • Role-based access control (RBAC) with owner, admin, editor, viewer per organization
  • Row-level security (RLS) enforced at the database layer per tenant
  • Session management with secure, HTTP-only cookies and automatic expiry
  • Per-link permissions (viewer, commenter, or editor) with optional passwords and expiry dates
  • Break-glass workflows with full audit trails for elevated access

Data Protection

  • Data ownership: you own your content. We claim zero IP rights over user-created data
  • Data residency options available on Enterprise plans
  • Soft-delete with 30-day retention before permanent purge. Accidental deletes are recoverable
  • Field-level masking for sensitive data in analytics pipelines
  • Least-privilege principle: services and APIs access only the data they need
  • GDPR-aligned data handling with purpose limitation, data minimization, and retention policies

AI Trust

  • We do NOT use your data to train or fine-tune AI models. Ever
  • AI inputs are processed in-memory and discarded after generation. No persistent storage
  • Content sanitization before and after AI processing to prevent injection attacks
  • All AI actions are auditable: inputs, outputs, and model versions are logged
  • Confidence thresholds on AI proposals. AI never auto-commits; humans always approve
  • PHI/PII redaction pipelines available for sensitive workloads (Enterprise)

Compliance & Privacy

  • Published Privacy Policy, Terms of Service, Cookie Policy, and Acceptable Use Policy
  • Consent management via Termly so users control cookie preferences at all times
  • GDPR-aligned processing with transparent data handling disclosures
  • Rate limiting, CSRF protection, HSTS, and Content Security Policy (CSP) headers
  • Content sanitization to prevent XSS and injection attacks across all user inputs
  • Working toward SOC 2 Type II and ISO 27001 certification

Availability & Reliability

  • 99.9% uptime for all plans. 99.99% SLA on Enterprise with financial credits
  • Multi-zone redundancy for database and storage layers
  • Automatic failover with zero-downtime deployments (blue-green via Vercel)
  • Real-time monitoring, structured logging, and alerting on all critical services
  • Disaster recovery drills with defined RPO/RTO targets
  • Version history with instant restore. Roll back to any previous state in seconds

Need more? Let's talk Enterprise.

SSO/SAML, dedicated support, custom integrations, data residency, 99.99% SLA, and unlimited AI credits, tailored to your organization.