Security & Trust
SOC 2 Type II certified. Built for high-compliance environments from day one.
Security controls
Multi-tenant row-level isolation.
Every database query and graph traversal is scoped to org_id. Cross-tenant reads are structurally impossible at the query layer, not just at the application layer.
WASM-sandboxed licensing engine.
Licensing rule calculations run inside deterministic WebAssembly modules. The sandbox cannot make network calls, access the filesystem, or escape its execution context.
Zero-cleartext agent sync.
The endpoint agent computes compliance proofs locally and syncs only Merkle root hashes to the cloud. Raw file contents and clipboard data never leave the host.
Cryptographic evidence chain.
Every daily estate snapshot is hashed into a Merkle tree and signed with your organisation's key. The chain makes retroactive tampering detectable — if an auditor challenges a historical position, you present a mathematical proof.
Human-in-the-loop by default.
Unless explicitly configured for autonomous execution by a policy author, no seat is reclaimed and no blocking workflow is triggered without explicit human approval. The overnight pipeline defaults to surfacing decisions, not taking them.
Penetration tested annually.
Third-party penetration tests run on an annual schedule. Results inform the following quarter's hardening work. Summary findings available to enterprise customers under NDA.
Evidence chain integrity
Each estate snapshot is hashed bottom-up into a Merkle tree. The root is signed and appended to your compliance ledger. Click verify to walk the path.