Security & Compliance

• Data at Rest: AES-256-CBC encryption for all stored data
• Data in Transit: TLS 1.2+ for all communications
• Database Encryption: Application-level encryption for sensitive fields
• Key Management: Secure key rotation and storage practices

• Multi-Factor Authentication (MFA): TOTP-based 2FA available for all users with organization-level enforcement
• Account Lockout: Automatic 15-minute lockout after 5 failed login attempts
• Role-Based Access Control: Organization, team, and project-level permissions with principle of least privilege
• Session Management: Configurable idle and absolute session timeouts with automatic logout
• API Authentication: Secure token management with rate limiting

TOTP-based two-factor authentication adds an extra layer of security to user accounts.

• User Setup: Enable MFA from your profile page with any TOTP authenticator app
• Recovery Codes: 8 single-use codes generated during setup for emergency access
• Organization Enforcement: Admins can require MFA for all organization members
• SSO Integration: Smart exemptions for users authenticating via SAML/OIDC

Automatic session timeouts prevent unauthorized access to unattended sessions.

• Idle Timeout: Automatic logout after period of inactivity (default: 30 minutes)
• Absolute Timeout: Maximum session duration regardless of activity (default: 8 hours)
• Organization Customization: Admins can set custom timeouts for their organization
• Secure Cookies: HTTP-only, secure, and SameSite attributes for CSRF protection

• AWS Cloud Infrastructure with enterprise-grade protection
• Web Application Firewall and DDoS protection
• Network Segmentation and intrusion detection
• Regular Security Updates and patch management

• 24/7 Security Monitoring with automated threat detection
• Incident Response Plan with defined procedures
• Security Logging and audit trails
• Vulnerability Scanning and penetration testing