Data minimization and purpose
We collect only the data necessary to secure your account and provide service: authentication metadata, device signals, and transaction context. We do not sell personal data or use it for advertising. Administrative controls let organizations set retention policies and export or delete logs as required.
Encryption & token security
All communications use TLS with modern ciphers. Session tokens use secure random generation and short expiration windows. Refresh tokens are rotated and revocable: they can be invalidated from the dashboard or through admin action to immediately block access.
Compliance & audits
We undergo regular third-party security assessments and maintain compliance with GDPR and SOC/ISO frameworks as applicable. Our bug bounty program encourages responsible disclosure and rapid remediation of security findings.
User controls
Users can manage devices, revoke sessions, export activity logs, and delete account history. For enterprise customers, delegated admins can define policies and retention settings centrally for cross-team governance.
How to stay safe
- Enable MFA and register a backup method.
- Use unique passwords per service with a password manager.
- Review sessions and revoke unknown devices promptly.
- Keep recovery information up to date.
