Data Protection & Operational Security

How we protect sensitive client information and practice continuous security monitoring, robust backup, and disaster recovery.

Data Protection

Encryption

  • Data in Transit: All communications encrypted using industry-standard TLS/SSL protocols with regular certificate rotation.
  • Data at Rest: Sensitive files encrypted using AES-256 encryption with secure key management and regular rotation.

Data Types Protected

  • Employee Personal Information: Names, email addresses, phone numbers
  • Employment Data: Organizational structure, reporting relationships
  • Survey Responses: Employee feedback and assessment data
  • Analytics: Aggregated insights and organizational reports
 

Operational Security

Infrastructure Security

  • Enterprise-grade cloud hosting with high availability and redundancy
  • Primary database is maintained on a private network, completely isolated from the public internet
  • Firewall protection, network segmentation, and DDoS protection
  • Intrusion detection/prevention with continuous network monitoring at the developer level
  • Disaster recovery capabilities

Our Infrastructure Vendors

Provider | Description
AWS | Cloud-Services provider, used for data & object storage and cloud computation
ControlPlane | Cloud-Services provider, used for application hosting
Sentry | Data and Analytics platform, used for monitoring, alerting, and debugging
PostHog | Data and Analytics platform, used for user analytics
Twilio | Notifications Service, used for email and SMS messaging
Cloudflare | Cloud-Services provider, used for data & object storage and cloud computation

Security Monitoring

  • Real-time security event monitoring with 24/7 operations
  • Automated threat detection and anomaly alerting
  • Tracking of authentication failures, unauthorized access attempts, and data-access anomalies

Backup & Recovery

  • Regular automated backups with encrypted storage (daily backups with 30-day retention)
  • Documented recovery procedures (sub-hour system recovery)

Security Controls Summary

Security Area | Controls Implemented
Authentication | Passwordless auth, OAuth 2.0, SSO, session management
Authorization | 5-tier RBAC, organization isolation, least privilege
Data Protection | Encryption in transit/at rest, secure key management
Application Security | Input validation, injection prevention, secure coding
Infrastructure | Network security, access controls, monitoring
Compliance | Security policies, privacy compliance