​

Security & Data Policy

​

Privacy Policy

• We respect your privacy. Your data is never sold or shared with third parties for advertising.
• By default, your data is private to your account and organization.
• You control what data is uploaded, stored, or deleted.

​

Data Handling

• Data Storage: Only the minimum data required for service operation is stored. Most data is encrypted at rest and in transit.
• Retention: Data is retained only as long as necessary for service functionality or as required by law.
• Access: Only authorized personnel have access to production systems, and all access is logged and monitored.

​

Account Deletion

• You can request account deletion at any time by contacting support.
• When your account is deleted, all associated data is permanently removed from our systems, except where retention is required by law.
• Some data may persist in backups for a limited period, after which it is purged.

​

Vulnerability Disclosure

• We take security seriously. If you discover a vulnerability, please report it to our security team at [email protected].
• We aim to respond to all reports within 48 hours and will keep you updated on our progress.
• We publicly acknowledge researchers who help us improve our security, with permission.

​

Infrastructure Security

• All infrastructure is hosted on secure, industry-standard cloud providers with strong physical and network security.
• We use encryption for all data in transit (TLS) and at rest.
• Regular security audits and penetration tests are conducted.
• Subprocessors and third-party services are carefully vetted for security compliance.