Security infrastructure for support operations
Encryption
In transit and at rest
Audit logs
Tools, configs, approvals — recorded
Tenant isolation
Data never crosses tenant boundaries
Sub-processors
Listed with change notifications
Defense in depth
Layered controls — encryption, operational gates, and data handling — applied at every step of the support workflow.
- TLS 1.3 in transit
- AES-256 at rest
- Tenant-isolated key management
- Encrypted backups with separate keys
- Audit logs per action — tool, config, approval
- Immutable workflow snapshots on publish
- Approval gates by intent, amount, and risk
- Regular third-party penetration testing
- Data minimization at collection
- Right to access and deletion
- Sub-processors disclosed and notified
- Region-aware data residency on Enterprise
Aligned to the frameworks your procurement asks for
Audit reports, DPAs, and sub-processor lists are available on request — no waiting for a sales call.
Audit in progress; summary available on request under DPA.
Controls aligned to ISO 27001; audit roadmap shared on request.
Data handling aligned to GDPR; DPA available on request.
California consumer privacy rights honored on request.
Application security follows OWASP guidance; reviewed on every release.
Operational controls map to the NIST Cybersecurity Framework.
Independent third-party tests with remediation tracked to closure.
Disclosed list with change notifications — see /sub-processors.
The documents your security team needs
Sub-processors are public; DPAs, BAAs, audit summaries, and penetration test reports are available on request.
Bring security into the loop early.
Most teams hand us off to security review at procurement. Looping them in before then makes the deal move faster.