Trust Center
We protect MSP data like it's our own — because the tools you trust shouldn't require blind faith.
Infrastructure & Data Protection
HostingVercel (CDN/Edge, US)
DatabaseSupabase (PostgreSQL on AWS)
Encryption at restAES-256
Encryption in transitTLS 1.2+
ArchitectureMulti-tenant with Row-Level Security (RLS) on every table
Tenant isolationEnforced at database level — no shared queries cross tenant boundaries
BackupsSupabase automated daily backups with point-in-time recovery
Application Security
AuthenticationSupabase Auth (email/password + JWT), MFA support
AuthorizationRLS policies on every table, Edge Functions enforce tenant_id
API SecurityAll Edge Functions validate auth + tenant context
Dependency managementAutomated updates, lockfile pinning
Error monitoringSentry (PII scrubbed before transmission)
AnalyticsPostHog (proxied through our domain, no third-party cookies)
Compliance
SOC 2 Type IIIn progress
GDPRData handling designed for GDPR readiness
Security questionnaireAvailable on request
Penetration testingPlanned
Data Privacy
Subprocessors
| Vendor | Purpose | Data Processed |
|---|---|---|
| Supabase | Database, Auth, Edge Functions | All application data |
| Vercel | Hosting, CDN, Edge Middleware | Request routing, static assets |
| PostHog | Product analytics | Anonymized usage events |
| Sentry | Error monitoring | PII-scrubbed error reports |
| Postmark | Transactional email | Email addresses, notification content |
| Stripe | Payments | Billing data (PCI-compliant) |
| ConnectWise | PSA integration (customer-initiated) | Synced CW entity data |
Operational Security
- Incident response process documented internally
- Uptime monitoring via Vercel + Sentry
- Audit logging for sensitive operations
- Automated alerts on error rate spikes