Security & Compliance

Enterprise-ready trust. Without enterprise-procurement pain.

SOC 2 controls, GDPR-grade data handling, row-level security in the database, audit logs on every action, and an optional HIPAA Business Associate Agreement for healthcare clients.

Database row-level security

Every protected table has RLS policies, so a buggy frontend cannot leak rows its user is not entitled to: the database refuses to return them.
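What "every protected table has RLS policies" looks like in practice, as an added example (not the site's own schema or code): Postgres row-level security on a hypothetical contracts table, written in the style Supabase uses. The table and column names, the policy names, the authenticated role and the use of Supabase's auth.uid() helper are all assumptions; on plain Postgres, substitute your own session-variable lookup for the caller's identity.

```sql
-- Added example, not the site's own schema. Assumes Supabase-style Postgres:
-- auth.uid() returns the caller's JWT subject and "authenticated" is the
-- role the API connects as. Both are assumptions for illustration.
create table contracts (
  id            bigint generated always as identity primary key,
  client_id     uuid not null,
  contractor_id uuid not null,
  body          text not null
);

-- Turn RLS on. Without the second statement the table owner bypasses
-- every policy, which is the classic way a "protected" table leaks.
alter table contracts enable row level security;
alter table contracts force row level security;

-- A row is readable only by the client or the contractor it belongs to.
create policy contracts_read on contracts
  for select
  using (auth.uid() in (client_id, contractor_id));

-- Only a client may create a contract, and only under their own client_id;
-- WITH CHECK rejects an insert that claims someone else's identity.
create policy contracts_insert on contracts
  for insert
  with check (auth.uid() = client_id);

-- No UPDATE or DELETE policy is defined, so neither is possible through the
-- API role: with RLS enabled, a missing policy fails closed (zero rows,
-- no error), which is the behaviour the page describes.
grant select, insert on contracts to authenticated;

-- Check from psql, impersonating an API caller (assumed user id):
-- set role authenticated;
-- select set_config('request.jwt.claims',
--        '{"sub":"00000000-0000-0000-0000-000000000001"}', true);
-- select * from contracts;   -- only that user's rows come back
-- reset role;
```

The check at the end is the one to run after every schema change: an RLS policy that is enabled but never exercised as the API role is not a control. One caveat a reviewer will ask about: RLS only protects requests made with the anon or authenticated key. A service-role connection (Supabase's service_role has BYPASSRLS) sees everything, so that key must never reach the frontend.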

SOC 2-aligned controls

Access reviews, password policy, MFA on admin accounts, vendor risk reviews, and incident response procedures.

W-8BEN automated

Foreign-contractor tax forms are collected at onboarding, version-controlled, and made available to the client on the application detail page.

Audit log of every action

Role changes, payment events, contract signatures, and admin overrides are all permanently logged with actor + timestamp.
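One way "permanently logged with actor + timestamp" can be enforced in the database rather than left to application code, as an added example (not the site's own schema): an append-only audit table fed by a trigger, here for role changes on a hypothetical memberships table. The table, column, role and function names are assumptions, as is the Supabase auth.uid() helper used to identify the actor.

```sql
-- Added example, not the site's own schema. Assumes Supabase-style Postgres
-- (auth.uid() for the caller's identity, "authenticated" as the API role).
create table audit_log (
  id          bigint generated always as identity primary key,
  occurred_at timestamptz not null default now(),  -- timestamp of the action
  actor_id    uuid,                                 -- who performed it
  action      text not null,                        -- e.g. 'role_change'
  table_name  text not null,
  row_id      text not null,
  old_row     jsonb,
  new_row     jsonb
);

-- "Permanent" means history cannot be rewritten by the application:
-- the API role may read the log but never update or delete entries.
-- Inserts happen only through the trigger function below.
revoke all on audit_log from public;
grant select on audit_log to authenticated;

-- SECURITY DEFINER lets the trigger insert even though the caller cannot;
-- pinning search_path stops a caller from hijacking unqualified names.
create or replace function audit_role_change() returns trigger
language plpgsql security definer set search_path = public as $$
begin
  insert into audit_log (actor_id, action, table_name, row_id, old_row, new_row)
  values (auth.uid(), 'role_change', tg_table_name, new.id::text,
          to_jsonb(old), to_jsonb(new));
  return new;
end $$;

create table memberships (
  id      bigint generated always as identity primary key,
  user_id uuid not null,
  role    text not null
);

-- Fire only when the role column actually changes, so a no-op save
-- does not pad the log.
create trigger memberships_role_audit
  after update of role on memberships
  for each row
  when (old.role is distinct from new.role)
  execute function audit_role_change();

-- Check: this must fail for the API role with "permission denied".
-- set role authenticated;
-- delete from audit_log;
-- reset role;
```

A trigger guarantees the entry is written in the same transaction as the change, so a role change and its audit record either both commit or neither does. The caveat: a database superuser or the table owner can still delete rows, so a log that must survive a compromised admin account is also shipped to a sink outside the database.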

Encrypted at rest & in transit

TLS 1.2+ everywhere, AES-256 at rest, and time-limited signed URLs for asset downloads (TTL capped at one year).

HIPAA-ready BAA

Available for healthcare clients on request. Contractors handling PHI complete HIPAA training before their first shift.

Policy & legal docs

For your procurement team.

Privacy Policy: how we collect, store, and use personal data.
Terms of Service: master agreement governing every client engagement.
Data Processing Agreement: available on request for EU / GDPR-regulated clients.
BAA (HIPAA): healthcare-specific addendum; request via support.
Subprocessor list: Supabase, Stripe, Wise, Vercel, our complete data-handling stack.

All of the above are available on request.

Need a deeper security review?

We have a standard security questionnaire and architecture diagram ready to share under NDA.

Request security pack