Compliance
SOC 2In Progress
ISO 27001:2022In Progress
CASA Tier 2Certified
CASA Tier 3In Progress
Resources
Policies
Controls
- Encryption key access restricted
- Production application access restricted
- Remote access encrypted enforced
- Production inventory maintained
- Employee background checks performed
- Code of Conduct acknowledged by employees and enforced
- Data encryption utilized
- Control self-assessments conducted
- Data transmission encrypted
- Organization structure documented
- System changes communicated
- Access requests required
- Data retention procedures established
- Data classification policy established
- Customer data deleted upon leaving
Subprocessors
Amazon Web Services•Cloud provider
Our infrastructure is primarily hosted on AWS. Most of our servers are in the US, spread across regions for critical availability.
Vercel•Engineering
As a hosting provider for frontend and API functionalities, request response data is stored here for debugging.
Stripe•Payments
Payment processing provider. We do not store payment card details on our servers.
PostHog•Analytics
We use PostHog for product analytics to improve user experience. No sensitive data is shared.