Encryption
All traffic is encrypted in transit with TLS 1.3. All persistent storage is encrypted at rest with AES-256-GCM. Backups inherit the same envelope.
Access
Production access requires hardware-key MFA and an approved Just-In-Time request. Every access event is logged to an append-only audit trail.
Data minimisation
We only collect what we need to find your data on brokers and breach sources. We never sell, share, or use your information to train models.
Vendor review
All sub-processors are reviewed annually. See our subprocessors list for the current set.