SECURITY

Our team previously ran security programs at companies like Google and Chainguard. We get it.


Our Security Principles

Zero Trust

Hardware-backed cryptographic identity and encryption are our security perimeter

Defense in Depth

Every layer fails, so we rely on overlapping controls (Swiss cheese model)

Ephemeral Secrets

All secrets leak eventually. We prefer OIDC and runtime KMS

Minimal Data

Less data = less risk. Metadata cache only (21-day TTL), 0 persistent user data

Minimal Supply Chain

Most services have 0-1 external deps. We use ko+Chainguard

No Data Monetization

We never sell your data. Third-party sharing limited to operational requirements

Radical Transparency

Audit our code anytime. If it's not open-source yet, just ask!

Compliance & Policies

We're engineering our security controls to meet SOC 2 standards from day one.

Vulnerability Disclosure

Found a security issue? Check out our security.txt for reporting instructions.

We take all reports seriously and will respond promptly.

Want to discuss security?

We could talk all day about security architecture, compliance, or threat modeling.