Enterprise-grade security, built-in

Authentication, authorization, and encryption across the stack.

Security architecture

Multiple layers of protection

Auth & MFA

Supabase Auth with OTP, magic links, and multi-factor authentication support (TOTP, SMS, WebAuthn)

Row-Level Security

Postgres row-level security policies enforced on every database table, so a query returns only the rows a user owns or that are shared with their team, regardless of which client issued it

Encryption at Rest

AES-256 encryption for all stored data including conversations and documents

Encryption in Transit

TLS 1.2+ for all connections; HTTPS enforced across the platform

Payment Security

Payments handled by Stripe (a PCI DSS Level 1 service provider); card data is tokenized by Stripe and never stored in or passes through our system

Compliance Posture

SOC 2 Type 2 and HIPAA coverage inherited from the underlying Supabase infrastructure

Audit & Monitoring

Prometheus metrics, Rollbar error tracking, comprehensive logging

Input Validation

Zod schema validation on all inputs; file type and size restrictions

DDoS Protection

Cloudflare protection and rate limiting on sensitive endpoints

Data handling

Your data stays secure and under your control

We take data protection seriously. All user data, conversations, and uploaded files are protected by multiple security layers.

Upload controls

  • MIME type restrictions on uploads
  • File size limits (10-50MB depending on type)
  • Signed URLs with automatic expiry
  • Access control policies on storage

Data retention

  • User data deletion on request
  • Conversation export capabilities
  • Configurable retention policies
  • Geographic data residency options

Admin controls

Roles & Permissions

Granular control over who can do what with role-based access and hierarchical permissions.

  • Superadmin, Admin, and Member roles
  • Edit, View, and Chat permission levels
  • Team-based and individual sharing
  • Usage tier management per user

Sharing Scopes

Control visibility with flexible sharing options from private to public.

  • Private (creator only)
  • Team (all team members)
  • Public (anyone with link)
  • Store (listed in directory)
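The row-level security described under Security architecture and the four sharing scopes listed above fit together naturally as Postgres RLS policies. The following is an added example, not the product's own schema or policies: it assumes a hypothetical `resources` table holding shared items, a `team_members` table carrying the Superadmin/Admin/Member roles, and Supabase's `auth.uid()` for the caller's identity. The per-item Edit/View/Chat permission levels are left out to keep the example short.

```sql
-- Added example (not the product's own schema): Supabase/Postgres
-- row-level security for a hypothetical "resources" table carrying the
-- four sharing scopes, with team membership and roles in "team_members".
-- All table, column and function names are assumptions.

create table team_members (
  team_id uuid not null,
  user_id uuid not null,
  role    text not null check (role in ('superadmin', 'admin', 'member')),
  primary key (team_id, user_id)
);

create table resources (
  id         uuid primary key default gen_random_uuid(),
  owner_id   uuid not null default auth.uid(),
  team_id    uuid,
  visibility text not null default 'private'
             check (visibility in ('private', 'team', 'public', 'store')),
  body       text
);

-- RLS is off by default. Until it is enabled, every policy below is
-- ignored and any client holding a valid JWT can read the whole table.
alter table team_members enable row level security;
alter table resources    enable row level security;

-- Policy subqueries run with the caller's privileges, so callers must be
-- allowed to read their own membership rows or the team checks always fail.
create policy "team_members_self" on team_members
  for select to authenticated
  using (user_id = auth.uid());

-- Helpers (plain, security-invoker SQL; they see team_members through the
-- policy above). Reused by several policies below.
create function is_team_member(t uuid) returns boolean
  language sql stable as $$
    select exists (select 1 from team_members
                   where team_id = t and user_id = auth.uid());
$$;

create function is_team_admin(t uuid) returns boolean
  language sql stable as $$
    select exists (select 1 from team_members
                   where team_id = t and user_id = auth.uid()
                     and role in ('admin', 'superadmin'));
$$;

-- Read, signed-in users: creator always; team members when the scope is
-- 'team'; everyone when the scope is 'public' or 'store'.
create policy "resources_select" on resources
  for select to authenticated
  using (
    owner_id = auth.uid()
    or visibility in ('public', 'store')
    or (visibility = 'team' and is_team_member(team_id))
  );

-- Read, anonymous visitors: only 'public' and 'store' rows, which is what
-- "anyone with link" requires. Without this policy anon gets nothing.
create policy "resources_select_anon" on resources
  for select to anon
  using (visibility in ('public', 'store'));

-- Create: a user may only insert rows they own, and only into a team
-- they belong to (or into no team at all).
create policy "resources_insert" on resources
  for insert to authenticated
  with check (
    owner_id = auth.uid()
    and (team_id is null or is_team_member(team_id))
  );

-- Update: the creator, or an admin/superadmin of the row's team. The
-- 'with check' re-evaluates the rule on the updated row, so a plain
-- member cannot reassign ownership away from themselves.
create policy "resources_update" on resources
  for update to authenticated
  using      (owner_id = auth.uid() or is_team_admin(team_id))
  with check (owner_id = auth.uid() or is_team_admin(team_id));

-- Delete: same rule as update.
create policy "resources_delete" on resources
  for delete to authenticated
  using (owner_id = auth.uid() or is_team_admin(team_id));
```

Two caveats a reviewer will ask about. First, the `service_role` key bypasses RLS entirely, so these policies protect nothing if that key reaches a browser or an untrusted server; only the `anon` and user JWTs should be used from clients. Second, policies are only as good as the test that exercises them: run the schema in a scratch database, then `set role authenticated` and set the `request.jwt.claims` session setting (where Supabase's `auth.uid()` reads the `sub` claim) to a few different user IDs, and confirm each one sees exactly the rows the scope table above says they should.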

Compliance certifications

Meeting the highest industry standards

SOC 2 Type 2

Comprehensive controls for security, availability, processing integrity, confidentiality, and privacy

HIPAA Compliance

Business Associate Agreement (BAA) available for healthcare training organizations

GDPR Compliant

Full compliance with European data protection regulations including right to deletion and data portability

ISO 27001 Aligned

Security management practices aligned with international standards

Detailed security reports and DPAs are available under NDA where applicable.

Questions about security?

Our team is here to help with your security review