Security & compliance
A dedicated trust surface for technical evaluators and procurement teams.
This page is added to answer a major recommendation in the report: security and compliance should be a first-class page family, not a subsection buried inside enterprise copy.
SOC 2 Type II
Annual independent audit. Report available during security review.
DPA & privacy
Standard DPA process, documented retention posture, and zero-training commitments.
Access controls
SAML, RBAC-ready workspace controls, scoped keys, and IP allowlists.
Incident process
Escalation path, public status page, and post-incident communication workflow.
Vendor review package
- security overview
- audit summary
- data handling FAQ
- support & incident policy
Common evaluator questions
- Where is customer data stored?
- How are API keys scoped and protected?
- What logs exist and how long are they retained?
- What happens during provider incidents?