/* global React, PoofPart1 */ const { Reveal, ArrowRight, Check } = window.PoofPart1; /* ============= SECURITY (TRUST) ============= */ const SECURITY_PILLARS = [ { icon: "๐Ÿ”’", title: "Your data, encrypted", desc: "AES-256 at rest, TLS 1.3 in transit. Every byte we hold is encrypted, including database backups and build snapshots.", }, { icon: "๐Ÿงญ", title: "Minimal collection", desc: "We collect email, billing, and what you typed into the builder. That's it. No fingerprinting, no third-party ad pixels.", }, { icon: "๐Ÿงฑ", title: "Isolation by default", desc: "Each customer's data lives in a logically isolated namespace. Cross-tenant queries are physically impossible.", }, { icon: "๐Ÿšช", title: "Easy to leave", desc: "Export everything you've built โ€” source code, assets, and data โ€” in one click. Cancel takes effect immediately.", }, ]; const SECURITY_BADGES = [ { name: "SOC 2 Type II", desc: "Audited annually by independent assessors.", status: "Certified", year: "2025" }, { name: "GDPR", desc: "EU data residency and DPA available on request.", status: "Compliant", year: "Always" }, { name: "CCPA", desc: "California consumer protections โ€” opt-out built in.", status: "Compliant", year: "Always" }, { name: "HIPAA", desc: "Business Associate Agreement available on Pro+.", status: "Available", year: "On request" }, { name: "ISO 27001", desc: "Information security management.", status: "In progress", year: "Q4 '26" }, { name: "PCI DSS", desc: "Payments handled by Stripe โ€” we never see your card.", status: "Outsourced", year: "Always" }, ]; const PRACTICES = [ { title: "Background checks", desc: "Every employee with production access passes a third-party background check." }, { title: "Hardware-key 2FA", desc: "All staff use hardware security keys. No SMS codes." }, { title: "Least-privilege access", desc: "Production access is request-only, time-boxed, and logged." }, { title: "Vulnerability scans", desc: "Automated SAST, DAST, and dependency scans on every commit." }, { title: "Pen tests", desc: "External penetration test annually. Report available under NDA." }, { title: "Incident response", desc: "Runbook tested quarterly. 24-hour customer notification commitment." }, ]; function SecurityPage() { return ( <>
Security & trust

Built for people, guarded like a bank.

You shouldn't have to be a security expert to use a tool that handles your business. So we made the boring, careful choices for you โ€” and we're happy to tell you exactly what they are.

SOC 2 Type II certified 99.99% uptime ยท last 90 days Live status โ†’
{/* Pillars */}
{SECURITY_PILLARS.map((p, i) => (
{p.icon}

{p.title}

{p.desc}

 ))}
{/* Compliance grid */}
Audits & compliance

The frameworks we live up to.
{SECURITY_BADGES.map((b, i) => (

{b.name}

{b.status}

{b.desc}

{b.year}
 ))}
{/* Practices */}
How we operate

The careful, boring stuff.
{PRACTICES.map((p, i) => (

{p.title}

{p.desc}

 ))}
{/* Bug bounty */}
Bug bounty

Found a flaw?
We'll thank you (and pay you).

We pay $500โ€“$10,000 for vulnerabilities, scaling with impact. Critical issues get same-day acknowledgement and a credit on this page if you'd like.

Report a vulnerability Read the rules
2026 Hall of Thanks: {["@maya_h", "@n00n", "@oleksiy.k", "@ravi.s", "@thelinkerd", "@flora"].map(h => ( {h} ))}
{/* CTA */}

Want the long version?

We publish a security whitepaper, a system architecture overview, and our latest SOC 2 report (under NDA).

Download whitepaper Request SOC 2 report
); } window.SecurityPage = SecurityPage;