Security

Security for production workloads

Controls teams expect when orchestrations touch customer and operational data.

Data encrypted in transit and at rest. Secrets stored in an app-level vault.

Workspace permissions and tenant isolation from day one.

JSON logs with traceId, tenantId, and userId on requests and flow runs.

Argon2id password hashing, JWT refresh rotation, OAuth2 for connectors.

Architecture aligned with SOC 2 Type II, GDPR, HIPAA, and ISO 27001 practices.

IP allowlists, webhook signature checks, and rate limits on public endpoints.

Request the security pack

We can share our SOC 2 summary, pen test overview, and architecture notes.