Security

Data in transit and at rest

All customer traffic is served over TLS 1.2+. Customer data is encrypted at rest using AES-256 at the volume level.

Authentication

User authentication is handled by Janua (MADFAM’s identity provider) using OAuth 2.0 and RS256-signed JWTs. SSO, MFA, and SCIM provisioning are available on Enterprise plans.

Tenancy and access

Every customer’s data is scoped by team_id. All queries enforce this scope at the database layer, not just the application layer. Internal staff access to production data is audited and requires two-person approval for any read of customer content.

Vulnerability disclosure

Found a security issue? Please email [email protected]. We respond within one business day and publicly acknowledge researchers whose reports lead to fixes.