Security Overview
- Authentication and authorization controls are enforced
- Role-based access and least-privilege data policies protect user information
- Encryption is applied in transit and at rest
- Administrative actions require elevated approval and server-side verification
Data Locations
Primary processing in the United States. See DPA for transfer mechanisms.
Subprocessors
We use trusted third-party service providers to operate and improve the Service. Each provider is subject to appropriate data protection commitments.
- Cloud hosting and content delivery
- Authentication and data storage services
- Email and notification services
- Payment processing for subscriptions and billing
Our subprocessors may change over time. We can provide an updated list upon request.
Incident Response
We investigate reported incidents promptly and notify affected customers when required by law and contract.