Example posture
Customer Trust Pages show live numbers from their own workspace.
- Uptime (90d): 99.99%
- Controls monitored: 247
- Open critical CVEs: 0
- Data regions: 3
Certifications & frameworks
Audited by independent third parties.
- SOC 2 Type II: Active
- ISO 27001:2022: Active
- ISO 42001 (AI): In progress
- GDPR: Aligned
- HIPAA: Aligned
- DPDP (India): Aligned
Reports available under NDA — request via the security package link above.
Security measures
Defense in depth, end to end.
Data protection
AES-256 at rest, TLS 1.3 in transit. Per-tenant encryption keys with quarterly rotation.
Identity & access
SSO/SAML, SCIM provisioning, hardware-key MFA, least-privilege RBAC enforced at the row level.
Infrastructure
Multi-region, isolated tenant environments. Daily encrypted backups with 30-day point-in-time recovery.
Monitoring
24/7 detection on every control. Anomalies route to on-call within minutes via PagerDuty.
Vulnerability mgmt
Continuous SAST, DAST, dependency scanning. Critical findings patched within 24h.
AI governance
No customer data trains foundation models. Region-pinned inference. Full prompt/response audit log.
AI governance
AI you can put in front of an auditor.
- Customer data is never used to train foundation models.
- Region-pinned inference (US / EU) with vendor DPAs in place.
- Human-in-the-loop required for any write action.
- Every prompt, response, and tool-call is signed and logged.
- Aligned with ISO 42001 and NIST AI RMF.
Subprocessors
Who we work with — and where your data sits.
| Vendor | Purpose | Region |
|---|---|---|
| AWS | Hosting & storage | us-east-1, eu-west-1, ap-south-1 |
| Cloudflare | Edge & DDoS | Global |
| Supabase | Managed Postgres & auth | Customer-pinned |
| OpenAI / Anthropic | LLM inference (opt-in) | US / EU |
| Resend | Transactional email | US |
| PostHog (self-hosted) | Product analytics | EU |