Compliance

Security and compliance, built in

We take security seriously across our products, services, and internal operations. Here is our current posture — stated honestly, including what's still in progress.

Data resident in EU regions
Compliance posture

What's certified, in progress, and planned

The honest version a security review expects. We do not upgrade a status until it's true.

Standard Scope Status
GDPR All data processing aligned with EU GDPR. Data stays in EU regions. Compliant
CIS Benchmarks Kubernetes clusters hardened to CIS Benchmark Level 2 standards. Compliant
SOC 2 Type II Security, availability, and confidentiality controls under independent audit. In Progress
ISO 27001 Information security management system certification. Planned
How we secure delivery

The posture behind the certificates

A certificate list is the headline. What reassures a reviewer is how we run things day to day — where data lives, how clusters are hardened, and the controls on our own operations.

01

EU data residency

Customer data stays in EU regions by default — no transatlantic surprises.

02

Hardened clusters

CIS Benchmark Level 2 baselines, policy-as-code enforcement, least-privilege RBAC.

03

Internal controls

Access reviews, secrets management, and audit logging across our own operations.

04

Secure delivery

Encrypted in transit and at rest; change control and review on every production path.

Documentation

Documentation & questionnaires

We're happy to provide compliance documentation, answer security questionnaires, and support your vendor assessment process — tell us what your review needs.

Contact our security team →
Get started

Need our compliance documentation?

We support security questionnaires and vendor assessments — tell us what you need.