We know compliance data is sensitive. Here is how we protect it.
All data is stored in the EU (AWS eu-west-1, Ireland) via Turso. No data leaves the EU unless you explicitly configure webhook integrations to systems outside the EU.
TLS 1.3 for all communication. Data encrypted at rest (AES-256). All API keys and secrets stored in environment variables, never in code.
OAuth 2.0 via Google and GitHub. We never store passwords. SSO/SAML available on Enterprise plan.
Fully GDPR compliant. We only process data necessary for the service. Data Processing Agreement (DPA) available on request. To exercise your right to erasure, contact us.
Every change is timestamped. Every review is logged with who reviewed and when. Export as CSV or PDF for audits.
Hosted on Vercel (edge network) and Cloudflare. Database via Turso (SQLite, distributed, EU). 99.9% uptime target.
We provide Data Processing Agreements (DPA), security overviews, and can answer your IT department's questions.
Free to get started. No credit card required.