Production-grade controls, explained plainly.
We build billing pipelines that touch carrier data, employer groups, and financial systems. The security posture below is what makes that responsibly possible.
TLS 1.3 for all traffic between clients, pipelines, and integrated systems.
AES-256 for all stored data, including backups and reconciliation snapshots.
Runs on Hetzner with full network isolation per customer environment.
Regular automated backups with point-in-time recovery and automated failover.
Least-privilege RBAC for all pipeline and console access. Full audit trail.
Customer data is never used to train or fine-tune models. Ever.
Where we are. Honestly.
SOC 2 is in progress. In the meantime, our current controls cover encryption, access management, backups, monitoring, and incident response. We can share our control documentation under NDA during a review.
Enterprise plans include a 99.9%+ uptime SLA with on-call response. Lower tiers run on the same infrastructure but without a contractual SLA.