Trust Center

Last Updated: 06/01/2026.

This page outlines the security, privacy, and governance controls we have established to protect our customers, their data, and the services we operate. These controls reflect our commitment to maintaining a strong security posture across our infrastructure, products, and organization.

We continuously design, implement, and review these measures to align with industry best practices, regulatory expectations, and the trust our customers place in us.

1. Controls

Access & Infrastructure Securit

• Encryption key access restricted to authorized users with business need

• Unique account authentication enforced (unique credentials or SSH keys)

• Production application access restricted to authorized users

• Access control procedures established for user add / modify / remove

• Production database access restricted

• Firewall access restricted

• Production operating system access restricted

• Production network access restricted

• Access revoked promptly upon employee termination

• Unique authentication enforced for production network access

• Remote access to production systems encrypted and restricted

• Infrastructure performance and availability monitored

• Network segmentation implemented to protect customer data

• Firewall rules reviewed at least annually

• Network firewalls utilized to prevent unauthorized access

• Network and system hardening standards documented and reviewed

• Service infrastructure patched and maintained against vulnerabilities

Organizational Security

• Secure asset disposal procedures followed with certificates of destruction

• Formal inventory of production assets maintained

• Portable and removable media encrypted

• Anti-malware technology deployed and routinely updated

• Code of Conduct required for contractors

• Code of Conduct acknowledged by employees and enforced

• Confidentiality agreements required for contractors

• Confidentiality agreements signed by employees

• Annual performance evaluations conducted

• Visitor access procedures enforced for secure areas

Product Security

• Sensitive customer data encrypted at rest

• Confidential data encrypted in transit over public networks

• Vulnerability management and system monitoring policies established

Internal Security & Governance

• Cybersecurity insurance maintained

• Configuration management procedures established

• Formal change management procedures enforced

• Production deployment access restricted to authorized personnel

• Board meetings conducted with documented minutes

• Customers notified of critical system changes

• Management security roles and responsibilities defined

• Organizational structure documented

• Security roles and responsibilities formally assigned

• Internal system changes communicated to authorized users

• Quarterly access reviews conducted

• Security commitments communicated in customer agreements

• Service descriptions communicated internally and externally

• Third-party agreements include confidentiality and privacy clauses

Data & Privacy

• Data retention and secure disposal procedures established

• Customer data deleted upon service termination

2. Subprocessors

• Linear — Product and engineering work tracking

• GitHub — Version control and code hosting

• Sentry — Production monitoring and regression detection

• PostHog — Product analytics and user behavior insights

• Loom — Internal and external video communication

• Microsoft Azure — Cloud infrastructure hosting private OpenAI model deployments

• Notion — Internal documentation and knowledge sharing

• Office 365 — Document creation and management

• Slack — Internal company communication and collaboration

• Llamacloud — AI infrastructure and orchestration platform supporting model deployment and operations

• Resend — Email notifications