Security

Security-first by design

We're a security company building security tools. We hold ourselves to the same standards we help you achieve.

Our security principles

Privacy by design

We minimize data collection and retention. Analysis happens locally where possible, and we never store message content longer than needed for detection.

Transparency

Clear documentation of what we analyze, how we process it, and what gets logged. No hidden data collection or undisclosed sharing.

Secure infrastructure

Enterprise-grade security practices including encryption in transit and at rest, regular security assessments, and secure development lifecycle.

Audit-ready

Comprehensive logging for compliance and incident response, with configurable retention policies to meet your requirements.

Privacy and data handling

Clear boundaries on what we access and how we handle it.

What we analyze

  • Message metadata (sender, timestamps, routing info)
  • URL structures and destinations
  • Content patterns for threat indicators
  • Behavioral signals for anomaly detection

What we don't do

  • Store full message content after analysis
  • Share data with third parties for non-security purposes
  • Train models on your organization's specific data
  • Access messages outside the configured scope

Enterprise-ready operations

Built for security teams, with the integrations and controls you need.

SIEM-ready outputs

Detections are formatted for easy ingestion into your existing security tools. We support common log formats and can integrate with your alerting workflows.

Incident response support

When threats are detected, we provide the context your team needs to investigate and respond—including threat indicators, affected users, and timeline data.

Compliance reporting

Generate reports for audits and compliance reviews, with full visibility into detection activity and policy enforcement.

Security by design

Security isn't an afterthought—it's built into everything we do, from architecture to deployment.

  • Secure software development lifecycle (SSDLC)
  • Regular third-party security assessments
  • Encrypted communications (TLS 1.3)
  • Encrypted data at rest
  • Role-based access controls
  • Principle of least privilege
  • Secure key management
  • Incident response procedures

Questions about our security?

We're happy to discuss our security practices in detail. Contact us for a security review or to learn more.