Security & data handling
Cheap, honest credibility pre-SOC 2. No fake badges.
- Encryption: TLS in transit; OAuth tokens encrypted with AES-256-GCM at rest (true today)
- Infrastructure: Hetzner, EU region (Germany/Finland)
- Agent access: read + propose scopes only; approval gate; full audit trail
- Subprocessor list: hosting, email (Resend), LLM provider
- Responsible disclosure: security contact + /.well-known/security.txt
- Compliance roadmap: SOC 2 Type I planned post-launch — stated, not faked