security

Compliance documentation

Pentest-ready. SOC 2 Type I-ready.

Threat model (STRIDE across 6 categories), SOC 2 evidence pack mapping every TSC to a code path, privacy policy, terms of service, security.txt — all public, all in the repo.

docs/THREAT_MODEL.md — STRIDE table with controls + gaps
docs/SOC2_EVIDENCE.md — CC1 through CC9 + Confidentiality
/privacy, /terms, /security pages + /.well-known/security.txt
GAPS.md + ENTERPRISE_GAPS.md track what is pending

How it works

Docs are markdown in the repo; legal pages are Next.js pages. Updates go through the same code review as features.

Read at /privacy, /terms, /security.

Start free Sign in

More security features

Multi-tenant isolation
One codebase, many companies, zero crosstalk.
2FA (TOTP)
The standard second factor, in every account.
OIDC / SAML single sign-on
Corporate accounts signing in via your IdP.
Audit log
Every change, with who + when + what.