Trust center
Use this page during procurement and security reviews. It centralizes technical controls, operational practices, and ownership boundaries that enterprise buyers request.
Security review artifacts
| Artifact | Status | How to request |
|---|---|---|
| Security questionnaire support | Available | [email protected] |
| Subprocessor disclosures | Documented in privacy configuration and trust docs | Security & privacy |
| Operational readiness posture | Published | Operations guide |
Security controls
- TLS-only production posture with HSTS and strict security headers.
- Workspace authorization policies across UI and API routes.
- Token-based API access with workspace-scoped Sanctum abilities.
- Queue isolation for ingestion and analytics workloads.
Identity and access
Enterprise identity routing supports domain-based SSO entrypoints and workspace-level SSO enforcement controls. Google OAuth is available today where configured, and SAML/OIDC adapter architecture is prepared for phased rollout.
Auditability
Workspace audit log includes authentication and administration events, with filterable views and CSV export for enterprise tiers.
Data retention and privacy
Retention windows, purge jobs, and subprocessor disclosures are managed in configuration and surfaced in docs. Review Security & privacy for current defaults.
Operational readiness
Runtime checks are available via platform:readiness-check and are scheduled in production to detect dependency drift (Redis/Imagick/queue connectivity).