Security & Compliance
Information Security Policy
Administrative, technical, and physical safeguards for the platform.
- Status
- Active
- Effective
- June 3, 2026
- Owner
- Chief Information Security Officer
Framework Alignment
Controls aligned to NIST CSF, SOC 2 Trust Services Criteria, and OWASP ASVS Level 2.
Encryption
TLS 1.2+ in transit, AES-256 at rest, signed URLs for private storage, hardware-backed KMS for key custody.
Personnel Security
Background checks, mandatory security training, and least-privilege production access with quarterly review.