Six layers of trust.
Encryption
AES-256 at rest. TLS 1.3 in transit. End-to-end for sensitive flows like PII and payment.
Access controls
SSO/SAML, SCIM provisioning, role-based access, MFA enforced, audit log on every action.
Infrastructure
AWS in US-only regions. Multi-AZ. Daily backups with 30-day retention. DR runbook tested quarterly.
Compliance
SOC 2 Type II audited annually. Penetration tested quarterly. Bug bounty program active.
Privacy
GDPR + CCPA compliant. Data subject rights honored within 30 days. No selling of personal data, ever.
Human review
Every state filing reviewed by a specialist before submission. SOC 2 audit-trail-compatible.
External validation, documented.
SOC 2 Type II Report
Annual audit by AICPA-registered firm. Available under NDA via Trust Center request.
Penetration Test
Quarterly tests by third-party security firm. Executive summary available.
Bug Bounty Program
Active HackerOne program, payouts $250-$10,000 by severity.
Vendor Risk Reviews
Annual review of every subprocessor. List published.