Security & Trust
Security is at the core of everything we build. Here's how we protect your data.
Multi-Tenant Isolation
Every data object is scoped by organization. Firestore rules and backend authorization enforce strict tenant boundaries.
Hardened Scan Execution
All scanning engines run in isolated containers with read-only mounts, no network access, CPU/memory limits, and strict timeouts.
Encryption
Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Secrets are managed via environment variables and Firebase config.
Worker Security
Signed enrollment tokens, outbound-only polling (no inbound ports), path sanitization, and scoped authentication.
Compliance
GDPR-ready data retention controls, org data deletion, optional results-only mode, and immutable audit logs.
Access Control
Role-based access (Owner, Admin, Analyst, Viewer) with optional MFA. Enterprise SSO via SAML/OIDC available.