[{"data":1,"prerenderedAt":974},["ShallowReactive",2],{"content-query-on1iCIHlls":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":5,"title":7,"description":5,"summary":8,"order":9,"body":10,"_type":968,"_id":969,"_source":970,"_file":971,"_stem":972,"_extension":973},"\u002Fsecurity","",false,"Security — FastYoke","Executive summary of how FastYoke protects PII — tenant isolation, encryption, access control, auditability, and operational security.",4,{"type":11,"children":12,"toc":950},"root",[13,21,110,208,556,670,711,858,938],{"type":14,"tag":15,"props":16,"children":20},"element","hero",{"eyebrow":17,"tagline":18,"title":19},"Security","Per-tenant database isolation. Opt-in field-level encryption. Append-only audit trail. Designed for the regulated workloads your customers trust you with.","How FastYoke protects PII",[],{"type":14,"tag":22,"props":23,"children":26},"marketing-section",{"band":24,"max-width":25},"white","3xl",[27,47,54,66,72,77],{"type":14,"tag":28,"props":29,"children":30},"p",{},[31,34,45],{"type":32,"value":33},"text","Evaluating FastYoke for enterprise procurement? Start at the ",{"type":14,"tag":35,"props":36,"children":37},"strong",{},[38],{"type":14,"tag":39,"props":40,"children":42},"a",{"href":41},"\u002Fenterprise",[43],{"type":32,"value":44},"Enterprise overview",{"type":32,"value":46},".",{"type":14,"tag":48,"props":49,"children":51},"h2",{"id":50},"the-one-sentence-posture",[52],{"type":32,"value":53},"The one-sentence posture",{"type":14,"tag":28,"props":55,"children":56},{},[57,59,64],{"type":32,"value":58},"FastYoke treats PII as ",{"type":14,"tag":35,"props":60,"children":61},{},[62],{"type":32,"value":63},"opt-in opaque-by-default",{"type":32,"value":65}," — every tenant's data lives in its own database file, isolation is enforced at the operating-system layer, and the PII \u002F SPI encryption add-on closes the loop with per-tenant AES-256-GCM keys that the platform itself cannot read without an authorized request.",{"type":14,"tag":48,"props":67,"children":69},{"id":68},"download",[70],{"type":32,"value":71},"Download",{"type":14,"tag":28,"props":73,"children":74},{},[75],{"type":32,"value":76},"A printable version of this summary is available for security committees and procurement reviews:",{"type":14,"tag":78,"props":79,"children":80},"ul",{},[81,96],{"type":14,"tag":82,"props":83,"children":84},"li",{},[85,94],{"type":14,"tag":35,"props":86,"children":87},{},[88],{"type":14,"tag":39,"props":89,"children":91},{"href":90},"\u002Fdownloads\u002Ffastyoke-pii-security-summary.pdf",[92],{"type":32,"value":93},"Download the FastYoke PII security summary (PDF)",{"type":32,"value":95}," — same content as this page, formatted for review packets.",{"type":14,"tag":82,"props":97,"children":98},{},[99,108],{"type":14,"tag":35,"props":100,"children":101},{},[102],{"type":14,"tag":39,"props":103,"children":105},{"href":104},"\u002Fdownloads\u002Ffastyoke-vpat-2.5.pdf",[106],{"type":32,"value":107},"Download the FastYoke VPAT 2.5 (PDF)",{"type":32,"value":109}," — accessibility conformance report (WCAG 2.1, Section 508, EN 301 549), auto-regenerated from the live axe coverage and engineer attestation.",{"type":14,"tag":22,"props":111,"children":113},{"band":112,"max-width":25},"gray",[114,120,125,203],{"type":14,"tag":48,"props":115,"children":117},{"id":116},"what-fastyoke-counts-as-pii",[118],{"type":32,"value":119},"What FastYoke counts as PII",{"type":14,"tag":28,"props":121,"children":122},{},[123],{"type":32,"value":124},"The platform treats the following classes of data as in scope for the PII protections described below:",{"type":14,"tag":78,"props":126,"children":127},{},[128,163,173,183,193],{"type":14,"tag":82,"props":129,"children":130},{},[131,136,138,145,147,153,155,161],{"type":14,"tag":35,"props":132,"children":133},{},[134],{"type":32,"value":135},"Tenant-tagged fields.",{"type":32,"value":137}," Any entity-payload or form-field schema marked ",{"type":14,"tag":139,"props":140,"children":142},"code",{"className":141},[],[143],{"type":32,"value":144},"is_pii",{"type":32,"value":146}," (or ",{"type":14,"tag":139,"props":148,"children":150},{"className":149},[],[151],{"type":32,"value":152},"is_spi",{"type":32,"value":154}," for sensitive personal information). Tenants decide what's tagged — defaults to ",{"type":14,"tag":156,"props":157,"children":158},"em",{},[159],{"type":32,"value":160},"nothing tagged",{"type":32,"value":162}," so opt-in is deliberate.",{"type":14,"tag":82,"props":164,"children":165},{},[166,171],{"type":14,"tag":35,"props":167,"children":168},{},[169],{"type":32,"value":170},"CRM contact records.",{"type":32,"value":172}," Names, emails, phone numbers, addresses, notes — by their nature.",{"type":14,"tag":82,"props":174,"children":175},{},[176,181],{"type":14,"tag":35,"props":177,"children":178},{},[179],{"type":32,"value":180},"Form submission entries",{"type":32,"value":182}," carrying email, phone, SSN, financial account, government ID, or freeform notes likely to contain PII.",{"type":14,"tag":82,"props":184,"children":185},{},[186,191],{"type":14,"tag":35,"props":187,"children":188},{},[189],{"type":32,"value":190},"E-signature signer identity",{"type":32,"value":192}," — the email, IP, signed-at timestamp, and signer chain captured by the e-sign envelope flow.",{"type":14,"tag":82,"props":194,"children":195},{},[196,201],{"type":14,"tag":35,"props":197,"children":198},{},[199],{"type":32,"value":200},"Audit-trail rows",{"type":32,"value":202}," that incidentally carry tenant-identifying information (event log, journal-entry actor, transition events).",{"type":14,"tag":28,"props":204,"children":205},{},[206],{"type":32,"value":207},"Data in scope is governed by the controls in the next section. Data not in scope (e.g., aggregate metrics, public marketplace listings) is held to FastYoke's general security baseline but not the PII-specific controls.",{"type":14,"tag":22,"props":209,"children":210},{"band":24,"max-width":25},[211,217,224,251,256,262,309,314,320,393,399,465,471],{"type":14,"tag":48,"props":212,"children":214},{"id":213},"the-five-control-posture",[215],{"type":32,"value":216},"The five-control posture",{"type":14,"tag":218,"props":219,"children":221},"h3",{"id":220},"_1-tenant-isolation-at-the-operating-system-layer",[222],{"type":32,"value":223},"1. Tenant isolation — at the operating-system layer",{"type":14,"tag":28,"props":225,"children":226},{},[227,229,234,236,242,244,249],{"type":32,"value":228},"Every tenant gets its ",{"type":14,"tag":35,"props":230,"children":231},{},[232],{"type":32,"value":233},"own SQLite database file",{"type":32,"value":235},". There is no ",{"type":14,"tag":139,"props":237,"children":239},{"className":238},[],[240],{"type":32,"value":241},"WHERE tenant_id = ?",{"type":32,"value":243}," clause that the database falls back on for isolation — wrong-tenant access is ",{"type":14,"tag":156,"props":245,"children":246},{},[247],{"type":32,"value":248},"mechanically impossible",{"type":32,"value":250}," because it would require opening the wrong file.",{"type":14,"tag":28,"props":252,"children":253},{},[254],{"type":32,"value":255},"This is the architectural foundation. Application bugs cannot leak cross-tenant data because the application never has both tenants' files open at the same time.",{"type":14,"tag":218,"props":257,"children":259},{"id":258},"_2-encryption-three-layers-customer-tunable",[260],{"type":32,"value":261},"2. Encryption — three layers, customer-tunable",{"type":14,"tag":78,"props":263,"children":264},{},[265,275,285],{"type":14,"tag":82,"props":266,"children":267},{},[268,273],{"type":14,"tag":35,"props":269,"children":270},{},[271],{"type":32,"value":272},"In transit.",{"type":32,"value":274}," All traffic is served over TLS. There is no plaintext path for tenant data over the network.",{"type":14,"tag":82,"props":276,"children":277},{},[278,283],{"type":14,"tag":35,"props":279,"children":280},{},[281],{"type":32,"value":282},"At rest, infrastructure.",{"type":32,"value":284}," Production database volumes are encrypted at rest at the hosting layer (Fly.io managed encryption).",{"type":14,"tag":82,"props":286,"children":287},{},[288,293,295,300,302,307],{"type":14,"tag":35,"props":289,"children":290},{},[291],{"type":32,"value":292},"At rest, field-level (optional).",{"type":32,"value":294}," The ",{"type":14,"tag":35,"props":296,"children":297},{},[298],{"type":32,"value":299},"PII \u002F SPI Field Encryption add-on",{"type":32,"value":301}," ($19\u002Fmonth, available on every tier from Solo and above) encrypts tagged fields under ",{"type":14,"tag":35,"props":303,"children":304},{},[305],{"type":32,"value":306},"per-tenant data keys (AES-256-GCM)",{"type":32,"value":308}," wrapped under a platform key. Tagged values are decrypted only when read by an authorized request — they are intentionally opaque to filter \u002F sort \u002F search.",{"type":14,"tag":28,"props":310,"children":311},{},[312],{"type":32,"value":313},"The field-level layer means even a platform administrator with database access cannot read tagged values without going through the authorized read path.",{"type":14,"tag":218,"props":315,"children":317},{"id":316},"_3-access-control-rbac-scopes-hard-refusals",[318],{"type":32,"value":319},"3. Access control — RBAC + scopes + hard refusals",{"type":14,"tag":78,"props":321,"children":322},{},[323,333,366,376],{"type":14,"tag":82,"props":324,"children":325},{},[326,331],{"type":14,"tag":35,"props":327,"children":328},{},[329],{"type":32,"value":330},"Role-based access control.",{"type":32,"value":332}," A 72-permission catalog. Every API endpoint and every UI surface gates on permissions, not on a tenant admin's identity. Authoring once means the permission you grant a PAT means the same thing if you ever ship an extension.",{"type":14,"tag":82,"props":334,"children":335},{},[336,341,343,349,351,356,358,364],{"type":14,"tag":35,"props":337,"children":338},{},[339],{"type":32,"value":340},"Personal Access Tokens (PATs).",{"type":32,"value":342}," Long-lived ",{"type":14,"tag":139,"props":344,"children":346},{"className":345},[],[347],{"type":32,"value":348},"fy_pat_",{"type":32,"value":350}," tokens are minted with explicit scopes. The platform issues ",{"type":14,"tag":35,"props":352,"children":353},{},[354],{"type":32,"value":355},"hard refusals",{"type":32,"value":357}," — ",{"type":14,"tag":139,"props":359,"children":361},{"className":360},[],[362],{"type":32,"value":363},"delegated_credential_refused",{"type":32,"value":365}," — when a token tries to act outside its scopes, even if the underlying user could.",{"type":14,"tag":82,"props":367,"children":368},{},[369,374],{"type":14,"tag":35,"props":370,"children":371},{},[372],{"type":32,"value":373},"WorkOS AuthKit \u002F SSO.",{"type":32,"value":375}," SSO via WorkOS for organizations that require it. The callback resolves tenant by workspace assignment, not by email-domain guessing.",{"type":14,"tag":82,"props":377,"children":378},{},[379,384,386,391],{"type":14,"tag":35,"props":380,"children":381},{},[382],{"type":32,"value":383},"Strategic Partner consent.",{"type":32,"value":385}," Partners providing implementation support reach a tenant only while a ",{"type":14,"tag":35,"props":387,"children":388},{},[389],{"type":32,"value":390},"per-tenant consent grant",{"type":32,"value":392}," is in place; revocation stops access on the next request.",{"type":14,"tag":218,"props":394,"children":396},{"id":395},"_4-auditability-append-only-by-design",[397],{"type":32,"value":398},"4. Auditability — append-only by design",{"type":14,"tag":78,"props":400,"children":401},{},[402,428,445,455],{"type":14,"tag":82,"props":403,"children":404},{},[405,410,412,418,420,426],{"type":14,"tag":35,"props":406,"children":407},{},[408],{"type":32,"value":409},"Immutable event log.",{"type":32,"value":411}," Every state change on every entity is recorded as an append-only event-log row. No ",{"type":14,"tag":139,"props":413,"children":415},{"className":414},[],[416],{"type":32,"value":417},"UPDATE",{"type":32,"value":419}," or ",{"type":14,"tag":139,"props":421,"children":423},{"className":422},[],[424],{"type":32,"value":425},"DELETE",{"type":32,"value":427}," is ever issued. The audit log is the platform's contractual truth.",{"type":14,"tag":82,"props":429,"children":430},{},[431,436,438,443],{"type":14,"tag":35,"props":432,"children":433},{},[434],{"type":32,"value":435},"Sealed-PDF evidence.",{"type":32,"value":437}," The General Ledger detail report (and any other auditable artifact) can be exported as a ",{"type":14,"tag":35,"props":439,"children":440},{},[441],{"type":32,"value":442},"sealed PDF",{"type":32,"value":444}," signed with ed25519. The seal is verifiable via a public endpoint — no FastYoke involvement required for an external auditor to confirm authenticity.",{"type":14,"tag":82,"props":446,"children":447},{},[448,453],{"type":14,"tag":35,"props":449,"children":450},{},[451],{"type":32,"value":452},"Posted journal entries are immutable.",{"type":32,"value":454}," Reversals are new entries; the original survives. GAAP-aligned by construction.",{"type":14,"tag":82,"props":456,"children":457},{},[458,463],{"type":14,"tag":35,"props":459,"children":460},{},[461],{"type":32,"value":462},"Role-change audit.",{"type":32,"value":464}," Every grant, revoke, and downgrade of an admin role is recorded with actor + timestamp + reason. Exportable for review.",{"type":14,"tag":218,"props":466,"children":468},{"id":467},"_5-operational-security-incident-response-dependency-hygiene",[469],{"type":32,"value":470},"5. Operational security — incident response + dependency hygiene",{"type":14,"tag":78,"props":472,"children":473},{},[474,492,526,536,546],{"type":14,"tag":82,"props":475,"children":476},{},[477,482,484,490],{"type":14,"tag":35,"props":478,"children":479},{},[480],{"type":32,"value":481},"Vulnerability disclosure.",{"type":32,"value":483}," ",{"type":14,"tag":139,"props":485,"children":487},{"className":486},[],[488],{"type":32,"value":489},"security@fastyoke.io",{"type":32,"value":491}," with a 24-hour acknowledgement SLA.",{"type":14,"tag":82,"props":493,"children":494},{},[495,500,502,508,510,516,518,524],{"type":14,"tag":35,"props":496,"children":497},{},[498],{"type":32,"value":499},"Dependency scanning.",{"type":32,"value":501}," Dependabot + ",{"type":14,"tag":139,"props":503,"children":505},{"className":504},[],[506],{"type":32,"value":507},"gitleaks",{"type":32,"value":509}," (committed-secret detection) + ",{"type":14,"tag":139,"props":511,"children":513},{"className":512},[],[514],{"type":32,"value":515},"npm audit",{"type":32,"value":517}," + ",{"type":14,"tag":139,"props":519,"children":521},{"className":520},[],[522],{"type":32,"value":523},"cargo deny",{"type":32,"value":525}," run on every PR. Supply-chain advisories block merge until triaged.",{"type":14,"tag":82,"props":527,"children":528},{},[529,534],{"type":14,"tag":35,"props":530,"children":531},{},[532],{"type":32,"value":533},"Incident response plan.",{"type":32,"value":535}," Documented procedures for breach detection, customer notification, and post-incident review.",{"type":14,"tag":82,"props":537,"children":538},{},[539,544],{"type":14,"tag":35,"props":540,"children":541},{},[542],{"type":32,"value":543},"Backups.",{"type":32,"value":545}," Continuous backup via Litestream to S3-compatible cold storage. Backup encryption inherits volume encryption.",{"type":14,"tag":82,"props":547,"children":548},{},[549,554],{"type":14,"tag":35,"props":550,"children":551},{},[552],{"type":32,"value":553},"Region pinning",{"type":32,"value":555}," (Enterprise+). Tenants with data-residency obligations can pin their tenant to a specific Fly.io region or region group.",{"type":14,"tag":22,"props":557,"children":558},{"band":112,"max-width":25},[559,565,570],{"type":14,"tag":48,"props":560,"children":562},{"id":561},"customer-responsibility-the-shared-model",[563],{"type":32,"value":564},"Customer responsibility — the shared model",{"type":14,"tag":28,"props":566,"children":567},{},[568],{"type":32,"value":569},"Some controls are yours, not ours. The boundary is:",{"type":14,"tag":571,"props":572,"children":573},"table",{},[574,593],{"type":14,"tag":575,"props":576,"children":577},"thead",{},[578],{"type":14,"tag":579,"props":580,"children":581},"tr",{},[582,588],{"type":14,"tag":583,"props":584,"children":585},"th",{},[586],{"type":32,"value":587},"FastYoke does",{"type":14,"tag":583,"props":589,"children":590},{},[591],{"type":32,"value":592},"Customer does",{"type":14,"tag":594,"props":595,"children":596},"tbody",{},[597,618,631,644,657],{"type":14,"tag":579,"props":598,"children":599},{},[600,606],{"type":14,"tag":601,"props":602,"children":603},"td",{},[604],{"type":32,"value":605},"Provides per-tenant isolation, infra encryption, RBAC catalog, audit log, sealed-PDF export, optional field-level encryption",{"type":14,"tag":601,"props":607,"children":608},{},[609,611,616],{"type":32,"value":610},"Decides which fields get the ",{"type":14,"tag":139,"props":612,"children":614},{"className":613},[],[615],{"type":32,"value":144},{"type":32,"value":617}," tag",{"type":14,"tag":579,"props":619,"children":620},{},[621,626],{"type":14,"tag":601,"props":622,"children":623},{},[624],{"type":32,"value":625},"Operates the production stack, monitors for incidents, runs vuln scanning",{"type":14,"tag":601,"props":627,"children":628},{},[629],{"type":32,"value":630},"Configures SSO + 2FA on operator accounts",{"type":14,"tag":579,"props":632,"children":633},{},[634,639],{"type":14,"tag":601,"props":635,"children":636},{},[637],{"type":32,"value":638},"Offers the HIPAA add-on, region pinning, dedicated SLA",{"type":14,"tag":601,"props":640,"children":641},{},[642],{"type":32,"value":643},"Signs the Business Associate Agreement before processing PHI; opts into region pinning for residency obligations",{"type":14,"tag":579,"props":645,"children":646},{},[647,652],{"type":14,"tag":601,"props":648,"children":649},{},[650],{"type":32,"value":651},"Holds the platform-level keys for encryption-at-rest",{"type":14,"tag":601,"props":653,"children":654},{},[655],{"type":32,"value":656},"Chooses which third-party integrations process tenant data through the platform",{"type":14,"tag":579,"props":658,"children":659},{},[660,665],{"type":14,"tag":601,"props":661,"children":662},{},[663],{"type":32,"value":664},"Maintains the public subprocessor list and notifies on changes",{"type":14,"tag":601,"props":666,"children":667},{},[668],{"type":32,"value":669},"Reviews the subprocessor list and approves it for the customer's compliance regime",{"type":14,"tag":22,"props":671,"children":672},{"band":24,"max-width":25},[673,679,684,699],{"type":14,"tag":48,"props":674,"children":676},{"id":675},"subprocessors",[677],{"type":32,"value":678},"Subprocessors",{"type":14,"tag":28,"props":680,"children":681},{},[682],{"type":32,"value":683},"FastYoke uses a small list of carefully selected third parties to operate the platform. The complete list — including service, region, DPA status, and certification posture — is published at:",{"type":14,"tag":78,"props":685,"children":686},{},[687],{"type":14,"tag":82,"props":688,"children":689},{},[690],{"type":14,"tag":35,"props":691,"children":692},{},[693],{"type":14,"tag":39,"props":694,"children":696},{"href":695},"\u002Fdocs\u002Fsecurity\u002Fsubprocessors",[697],{"type":32,"value":698},"FastYoke Subprocessor List",{"type":14,"tag":28,"props":700,"children":701},{},[702,704,709],{"type":32,"value":703},"New subprocessor additions are announced in advance per our contractual commitments. Customers may flag concerns at ",{"type":14,"tag":139,"props":705,"children":707},{"className":706},[],[708],{"type":32,"value":489},{"type":32,"value":710}," before the addition takes effect.",{"type":14,"tag":22,"props":712,"children":713},{"band":112,"max-width":25},[714,720,829,841],{"type":14,"tag":48,"props":715,"children":717},{"id":716},"formal-attestations",[718],{"type":32,"value":719},"Formal attestations",{"type":14,"tag":571,"props":721,"children":722},{},[723,739],{"type":14,"tag":575,"props":724,"children":725},{},[726],{"type":14,"tag":579,"props":727,"children":728},{},[729,734],{"type":14,"tag":583,"props":730,"children":731},{},[732],{"type":32,"value":733},"Attestation",{"type":14,"tag":583,"props":735,"children":736},{},[737],{"type":32,"value":738},"Status",{"type":14,"tag":594,"props":740,"children":741},{},[742,765,781,797,813],{"type":14,"tag":579,"props":743,"children":744},{},[745,753],{"type":14,"tag":601,"props":746,"children":747},{},[748],{"type":14,"tag":35,"props":749,"children":750},{},[751],{"type":32,"value":752},"VPAT 2.5 (accessibility)",{"type":14,"tag":601,"props":754,"children":755},{},[756,758,763],{"type":32,"value":757},"Current — ",{"type":14,"tag":39,"props":759,"children":760},{"href":104},[761],{"type":32,"value":762},"download the PDF",{"type":32,"value":764},", regenerated on every release from live axe coverage + engineer attestation.",{"type":14,"tag":579,"props":766,"children":767},{},[768,776],{"type":14,"tag":601,"props":769,"children":770},{},[771],{"type":14,"tag":35,"props":772,"children":773},{},[774],{"type":32,"value":775},"SOC 2 Type II",{"type":14,"tag":601,"props":777,"children":778},{},[779],{"type":32,"value":780},"Roadmap — readiness assessment complete; controls operating; audit engagement scheduled. Bridge letter available on request.",{"type":14,"tag":579,"props":782,"children":783},{},[784,792],{"type":14,"tag":601,"props":785,"children":786},{},[787],{"type":14,"tag":35,"props":788,"children":789},{},[790],{"type":32,"value":791},"HIPAA posture",{"type":14,"tag":601,"props":793,"children":794},{},[795],{"type":32,"value":796},"Available — BAA executed on Enterprise \u002F ISV+ tier with the HIPAA add-on. PHI processed under documented administrative + technical safeguards.",{"type":14,"tag":579,"props":798,"children":799},{},[800,808],{"type":14,"tag":601,"props":801,"children":802},{},[803],{"type":14,"tag":35,"props":804,"children":805},{},[806],{"type":32,"value":807},"GDPR readiness",{"type":14,"tag":601,"props":809,"children":810},{},[811],{"type":32,"value":812},"Current — DPA available, data-subject rights honored, EU region pinning available.",{"type":14,"tag":579,"props":814,"children":815},{},[816,824],{"type":14,"tag":601,"props":817,"children":818},{},[819],{"type":14,"tag":35,"props":820,"children":821},{},[822],{"type":32,"value":823},"PCI DSS",{"type":14,"tag":601,"props":825,"children":826},{},[827],{"type":32,"value":828},"Not in scope — FastYoke does not store cardholder data. Payment processing routes through Stripe (PCI DSS Level 1).",{"type":14,"tag":28,"props":830,"children":831},{},[832,834,839],{"type":32,"value":833},"For pre-audit security reviews or procurement questionnaires, contact ",{"type":14,"tag":139,"props":835,"children":837},{"className":836},[],[838],{"type":32,"value":489},{"type":32,"value":840}," with your specific framework and timeline.",{"type":14,"tag":28,"props":842,"children":843},{},[844,849,850,856],{"type":14,"tag":35,"props":845,"children":846},{},[847],{"type":32,"value":848},"Related reading:",{"type":32,"value":483},{"type":14,"tag":39,"props":851,"children":853},{"href":852},"\u002Fblog\u002Fwhy-fastyoke-chose-webassembly",[854],{"type":32,"value":855},"Running your code — safely, at native speed: why FastYoke chose WebAssembly",{"type":32,"value":857}," — the sandboxing model behind the guard-evaluation control described above.",{"type":14,"tag":22,"props":859,"children":860},{"band":24,"max-width":25},[861,867,933],{"type":14,"tag":48,"props":862,"children":864},{"id":863},"contact-disclosure",[865],{"type":32,"value":866},"Contact + disclosure",{"type":14,"tag":78,"props":868,"children":869},{},[870,886,901,917],{"type":14,"tag":82,"props":871,"children":872},{},[873,878,879,884],{"type":14,"tag":35,"props":874,"children":875},{},[876],{"type":32,"value":877},"Vulnerability reports:",{"type":32,"value":483},{"type":14,"tag":139,"props":880,"children":882},{"className":881},[],[883],{"type":32,"value":489},{"type":32,"value":885}," — 24-hour acknowledgement SLA.",{"type":14,"tag":82,"props":887,"children":888},{},[889,894,895,900],{"type":14,"tag":35,"props":890,"children":891},{},[892],{"type":32,"value":893},"Security questionnaires + procurement:",{"type":32,"value":483},{"type":14,"tag":139,"props":896,"children":898},{"className":897},[],[899],{"type":32,"value":489},{"type":32,"value":46},{"type":14,"tag":82,"props":902,"children":903},{},[904,909,910,916],{"type":14,"tag":35,"props":905,"children":906},{},[907],{"type":32,"value":908},"Status + recently-patched issues:",{"type":32,"value":483},{"type":14,"tag":39,"props":911,"children":913},{"href":912},"\u002Fsecurity-fixes",[914],{"type":32,"value":915},"Security fixes log",{"type":32,"value":46},{"type":14,"tag":82,"props":918,"children":919},{},[920,925,927,932],{"type":14,"tag":35,"props":921,"children":922},{},[923],{"type":32,"value":924},"Full technical Trust Center",{"type":32,"value":926}," (for engineers + builders): ",{"type":14,"tag":39,"props":928,"children":930},{"href":929},"\u002Fdocs\u002Fsecurity\u002Ftrust-center",[931],{"type":32,"value":929},{"type":32,"value":46},{"type":14,"tag":28,"props":934,"children":935},{},[936],{"type":32,"value":937},"We disclose material security issues with the same discipline we ask of our customers — facts, no hand-waving, and a clear remediation path. We're a small team and we own this.",{"type":14,"tag":22,"props":939,"children":940},{"band":112,"max-width":25},[941],{"type":14,"tag":28,"props":942,"children":947},{"className":943,"style":946},[944,945],"text-center","text-sm","color: var(--brand-text-secondary)",[948],{"type":32,"value":949},"Last reviewed: 2026-06-26. This page is updated on every material change to the platform's PII handling.",{"title":5,"searchDepth":951,"depth":951,"links":952},2,[953,954,955,956,964,965,966,967],{"id":50,"depth":951,"text":53},{"id":68,"depth":951,"text":71},{"id":116,"depth":951,"text":119},{"id":213,"depth":951,"text":216,"children":957},[958,960,961,962,963],{"id":220,"depth":959,"text":223},3,{"id":258,"depth":959,"text":261},{"id":316,"depth":959,"text":319},{"id":395,"depth":959,"text":398},{"id":467,"depth":959,"text":470},{"id":561,"depth":951,"text":564},{"id":675,"depth":951,"text":678},{"id":716,"depth":951,"text":719},{"id":863,"depth":951,"text":866},"markdown","content:security.md","content","security.md","security","md",1783575522326]