Trust Center

Append-only audit trail of mutations and security events, retained for at least 12 months.

Every credential sign-in is logged with outcome; lockout after repeated failures.

Length, complexity, history, and optional breach-check enforced on every change.

Fine-grained, feature-scoped permissions with workspace boundaries.

Self-service account deletion with a configurable grace period; anonymisation fallback for records on legal hold or referenced by business data.

Records can be placed under legal hold to override retention and deletion.

Versioned privacy policy, terms, DPA, cookie policy, and security overview.

Self-service data export and admin DSAR queue with 30-day SLA tracking.

Granular consent purposes, append-only consent ledger, and a cookie banner.

Public list of sub-processors with notification mechanism for changes.

TOTP enrolment with single-use backup codes; can be required for admins.

Active session listing, sign-out everywhere, configurable idle timeout.

Per-entity retention rules executed by scheduled sweeps and logged for evidence.

AES-256-GCM helper available for OAuth tokens and integration credentials.

TLS 1.2+ enforced on all public endpoints; HSTS enabled.

Scheduled workspace backups with retention and restore tooling.

Incident workflow with 72-hour notification helper for high-severity events.

CSV exports of audit log, DSAR log, consent ledger, login audit, and retention sweep history.

All entity changes logged via change log; release process documented.

Application logs, error events, and external log destinations.

Append-only audit trail of mutations and security events, retained for at least 12 months.

Every credential sign-in is logged with outcome; lockout after repeated failures.

Length, complexity, history, and optional breach-check enforced on every change.

Fine-grained, feature-scoped permissions with workspace boundaries.

Records can be placed under legal hold to override retention and deletion.

Versioned privacy policy, terms, DPA, cookie policy, and security overview.

TOTP enrolment with single-use backup codes; can be required for admins.

Active session listing, sign-out everywhere, configurable idle timeout.

Per-entity retention rules executed by scheduled sweeps and logged for evidence.

AES-256-GCM helper available for OAuth tokens and integration credentials.

TLS 1.2+ enforced on all public endpoints; HSTS enabled.

Scheduled workspace backups with retention and restore tooling.

Incident workflow with 72-hour notification helper for high-severity events.

CSV exports of audit log, DSAR log, consent ledger, login audit, and retention sweep history.

All entity changes logged via change log; release process documented.

Application logs, error events, and external log destinations.

Append-only audit trail of mutations and security events, retained for at least 12 months.

Every credential sign-in is logged with outcome; lockout after repeated failures.

Length, complexity, history, and optional breach-check enforced on every change.

Fine-grained, feature-scoped permissions with workspace boundaries.

Self-service account deletion with a configurable grace period; anonymisation fallback for records on legal hold or referenced by business data.

Records can be placed under legal hold to override retention and deletion.

Versioned privacy policy, terms, DPA, cookie policy, and security overview.

Self-service data export and admin DSAR queue with 30-day SLA tracking.

Granular consent purposes, append-only consent ledger, and a cookie banner.

Public list of sub-processors with notification mechanism for changes.

TOTP enrolment with single-use backup codes; can be required for admins.

Active session listing, sign-out everywhere, configurable idle timeout.

Per-entity retention rules executed by scheduled sweeps and logged for evidence.

AES-256-GCM helper available for OAuth tokens and integration credentials.

TLS 1.2+ enforced on all public endpoints; HSTS enabled.

Scheduled workspace backups with retention and restore tooling.

Incident workflow with 72-hour notification helper for high-severity events.

CSV exports of audit log, DSAR log, consent ledger, login audit, and retention sweep history.

All entity changes logged via change log; release process documented.

Application logs, error events, and external log destinations.