Data Security
- All data is encrypted in transit (HTTPS/TLS)
- Row-Level Security (RLS) ensures users can only access their organization’s data
- Role-based access control (Admin vs Member)
- Automatic session timeout after inactivity
Authentication
- Email/password authentication with strength requirements
- Google OAuth integration
- Password reset via email
- Email verification required for new accounts
Data Isolation
- Each organization’s data is fully isolated
- Cross-organization access is prevented at the database level
- Users can only see incidents, evidence, and actions within their organization
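The Data Security and Data Isolation sections above describe two controls that work together at the database layer: Row-Level Security that scopes every query to the caller's organization, and an Admin/Member distinction that limits what a scoped caller may do. The block below is an added illustration of how such a setup is commonly expressed, written for this page and not taken from the product's own schema or policies. It assumes PostgreSQL (the page names RLS but not a database), and the table, role, setting names (app.current_org_id, app.current_role) and UUIDs are all constructed for the example.

```sql
-- Constructed example schema: one tenant-scoped table.
CREATE TABLE incidents (
  id      bigserial PRIMARY KEY,
  org_id  uuid      NOT NULL,
  title   text      NOT NULL
);

-- Assumed application role: not a superuser, not the table owner, and explicitly
-- unable to bypass RLS, so every query it runs is subject to the policies below.
CREATE ROLE app_user LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON incidents TO app_user;
GRANT USAGE, SELECT ON SEQUENCE incidents_id_seq TO app_user;

ALTER TABLE incidents ENABLE ROW LEVEL SECURITY;
-- FORCE makes the policies apply to the table owner as well, closing a common gap.
ALTER TABLE incidents FORCE ROW LEVEL SECURITY;

-- Tenant isolation: a row is visible (USING) and may be written (WITH CHECK) only
-- when its org_id matches the organization bound to the current transaction.
-- NULLIF guards against an unset setting, which reads as '' and would fail the uuid cast.
CREATE POLICY incidents_org_isolation ON incidents
  USING      (org_id = NULLIF(current_setting('app.current_org_id', true), '')::uuid)
  WITH CHECK (org_id = NULLIF(current_setting('app.current_org_id', true), '')::uuid);

-- Role-based control: a RESTRICTIVE policy is AND-ed with the permissive one above,
-- so a DELETE succeeds only when the row is in the caller's org AND the caller is an admin.
CREATE POLICY incidents_admin_delete ON incidents
  AS RESTRICTIVE
  FOR DELETE
  USING (current_setting('app.current_role', true) = 'admin');

-- Per-request pattern, executed by the application while connected as app_user.
-- After authenticating the user, it binds org and role with SET LOCAL so the values
-- die with the transaction and cannot leak to the next request on a pooled connection.
-- The org and role come from the server-side session, never from client-supplied input.
BEGIN;
SET LOCAL app.current_org_id = '11111111-1111-1111-1111-111111111111';
SET LOCAL app.current_role   = 'member';

-- Only this organization's rows come back, even with no WHERE clause.
SELECT id, title FROM incidents;

-- A member's DELETE matches no rows (the restrictive policy hides them): 0 rows affected.
DELETE FROM incidents WHERE id = 1;

-- Writing a row tagged with another organization is rejected with
-- ERROR: new row violates row-level security policy for table "incidents"
-- (this aborts the transaction, hence the ROLLBACK).
INSERT INTO incidents (org_id, title)
VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant attempt');
ROLLBACK;
```

Two points a reviewer would check in a real deployment: the application must never connect as a superuser or a role with BYPASSRLS (that silently disables every policy), and the org and role settings must be derived from the authenticated session on the server, since the policies trust whatever the connection binds.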
Compliance
- SOC 2 Ready infrastructure
- GDPR-compliant data handling
- Cookie consent management
- Privacy Policy and Terms of Service available at /privacy and /terms