We operate dedicated regional cloud instances to ensure that customer data stays within the regions it originates from. This localized approach reinforces data integrity and compliance with regional laws, such as GDPR in Europe and CCPA in California.
We comply with globally recognized privacy and security standards, including PCI-DSS, ISO 27001/27701, HIPAA, the EU Cloud Code of Conduct (EU Cloud CoC), and SOC 1, SOC 2, and SOC 3. Our compliance with these frameworks reflects our commitment to data protection at the highest levels.
To further protect personal data, we use strong encryption protocols—in storage, in transit, and at rest—to secure data throughout its entire lifecycle, even down to the database level. This ensures that your information is protected no matter where or how it is stored.
To support our customers, we have onboarded in-region engineers who provide localized assistance. These engineers ensure that data sovereignty requirements are met, and they are available to offer direct support when needed.
Only a limited number of employees have privileged access to our production environment. We maintain this access solely for platform management, maintenance, and support purposes. We adhere to the principle of least privilege when provisioning access to internal users; our employees are only granted the level of access that’s necessary for their job roles in accordance with privacy by default principles.
Our services also feature role-based access controls to enable our customers to implement fine-grained access management for authorized users in accordance with privacy by design principles.
