Trust Center
Data Protection
The safeguards, residency options and lifecycle controls that keep customer data protected end to end.
Overview
Data protection is engineered into every layer of the platform: encryption, access control, residency and retention are common infrastructure rather than per-project decisions. We treat customer data as a liability to be minimized and protected, not an asset to be accumulated.
From collection to deletion, every stage of the data lifecycle has an owner, a control and an audit trail — so customers always know where their data lives and who can reach it.
What this covers
Encryption everywhere
Data is encrypted in transit with modern TLS and at rest with managed keys, with envelope encryption for sensitive fields.
Data residency
Deployments can be pinned to specific cloud regions, with residency commitments contracted in writing.
Access governance
Least-privilege access, just-in-time elevation and full audit logging on every data touch.
Retention & deletion
Defined retention windows with reliable deletion on request and at end of retention — no indefinite hoarding.
Sub-processor diligence
Every sub-processor is vetted, documented and covered by a data processing agreement.
Backups & integrity
Encrypted, tested backups with integrity checks so data survives failure without being exposed.
FAQ
Frequently asked
- Yes. Deployments can be pinned to AWS, GCP or Azure regions of your choice, with residency commitments contracted in writing.