Security & Privacy
Your data is safe. We've built security as a foundation, not an afterthought.
Encryption at Rest
All data encrypted with AES-256-GCM. Database volumes encrypted at the cloud provider level. Encryption keys managed via Google Cloud KMS.
Encryption in Transit
All traffic uses TLS 1.3 minimum. HSTS preloading enforced on all domains. Certificate pinning for mobile apps.
Multi-Factor Authentication
TOTP-based MFA required for Owner and Admin roles. Backup codes generated on enrollment. Emergency lockout procedures documented.
Tenant Isolation
Every database query is scoped to the authenticated tenant. Prisma middleware enforces tenantId on every read and write. No cross-tenant data leakage by design.
Data Backup & Recovery
Automated daily backups with 30-day retention. Point-in-time recovery to any second within 7 days. Cross-region replication to us-east1 for DR.
Audit Logs
Immutable audit log for every sensitive action (data access, exports, permission changes, login events). Retained 7 years per Egypt PDPL compliance requirements.
Need a detailed security report or Data Processing Agreement (DPA)?
Contact us →