Security

Data Protection

• All data is encrypted in transit using TLS.
• Passwords are hashed with bcrypt and never stored in plaintext.
• API keys are hashed (SHA-256) and never stored in plaintext.

Authentication

• User authentication uses secure, hashed credentials.
• API keys can be revoked at any time from the dashboard.
• Role-based access control (RBAC) for organization members.

Audit Logging

Flag changes, rule updates, and related actions are logged with user, timestamp, and action details for traceability.

Infrastructure

Our services run on trusted cloud infrastructure with regular security updates and monitoring. We maintain strict access controls for our systems.

Incident Response

We have processes in place to detect, respond to, and communicate security incidents. Affected users will be notified in accordance with applicable requirements.