Security

Your data security is our top priority. We implement industry-leading security practices to protect your information.

Encryption at Rest

All data is encrypted using the AES-256-GCM encryption standard

Encryption in Transit

TLS 1.3 for all network communications

Multi-Tenant Isolation

Strict org_id filtering prevents data leakage

Access Controls

Role-based access control (RBAC) and least privilege principles

SOC 2 Type II

Annual third-party security audits and compliance

Incident Response

72-hour notification for any security breaches

Infrastructure Security

  • Cloud Hosting: AWS with automatic backups and disaster recovery
  • Database: ArangoDB Cloud with encryption and access controls
  • Network Security: Virtual Private Cloud (VPC) isolation
  • Rate Limiting: 60 requests/minute per organization to prevent abuse

Authentication & Authorization

  • OAuth 2.0: Industry-standard authentication with secure token management
  • Token Rotation: Automatic refresh 10 minutes before expiry
  • Read-Only Access: We request minimal OAuth scopes (no write permissions)
  • Multi-Factor Authentication: Available through Auth0

Compliance & Auditing

  • SOC 2 Type II: Annual third-party security audits
  • GDPR Compliant: Full data protection compliance for EU customers
  • CCPA Compliant: California privacy law compliance
  • Penetration Testing: Regular security assessments

Data Protection

  • Data Minimization: We only collect data necessary for service functionality
  • Automatic Cleanup: Expired tokens and cache are automatically deleted
  • Secure Deletion: Complete data erasure upon account deletion
  • No Data Sales: We never sell your data to third parties

Incident Response

In the event of a security incident:

  1. Immediate containment and investigation
  2. Affected users notified within 72 hours
  3. Platform providers notified within 48 hours
  4. Detailed incident report provided
  5. Remediation steps and prevention measures implemented

Report Security Issues

If you discover a security vulnerability, please report it immediately to: [email protected]

We take all security reports seriously and will respond within 24 hours.