Security & Compliance

Enterprise-Grade Security

Built for organizations handling sensitive aerospace and defense intelligence. Security is not an add-on — it is foundational to everything we build.

SOC 2 Type II

Q3 2026

FedRAMP

2027 Target

OWASP Top 10

Covered

NIST 800-53

Design-Aligned

Independent Pentest

Available

Encryption

Your data is protected with industry-leading encryption at every layer.

AES-256 encryption at rest for all stored data
TLS 1.3 encryption for all data in transit
Field-level encryption for sensitive data fields
Encryption keys rotated on a regular schedule

Authentication

Multi-layered authentication protects every access point.

Multi-factor authentication (MFA/TOTP) for all accounts
OAuth SSO with Google, Microsoft Entra ID, and GitHub
Session management with automatic 30-minute timeout and re-authentication
Account lockout after 5 failed attempts with 10-minute cooldown

Authorization

Fine-grained access controls ensure the right people see the right data.

Role-based access control (RBAC) with configurable permission sets
Organization-level permissions and data isolation
API key management with scoped access and expiration
Audit logging of all authorization decisions

Rate Limiting

Intelligent protections guard against abuse while ensuring legitimate access.

Tiered rate limiting based on plan (Redis-backed with in-memory fallback)
Category-aware throttling (AI calls at 0.25x multiplier)
Automatic throttling with clear feedback and Retry-After headers
Custom rate limit configurations for Enterprise accounts

Data Handling

Proprietary algorithms and sensitive computations are fully server-side.

Zero client-side scoring — all proprietary algorithms execute server-side (169 server-only files)
AES-256-GCM field-level encryption for PII with key rotation support
Comprehensive audit logging of all authentication and mutation events
No third-party data sharing without explicit consent

FedRAMP Authorization Roadmap

We are actively pursuing FedRAMP authorization to serve federal agencies with the same intelligence capabilities available to commercial customers.

Q1 2026Complete

Security Architecture Complete

Production-grade security controls: CSRF with timing-safe comparison, tiered rate limiting (Redis-backed), AES-256-GCM field encryption, MFA/TOTP, comprehensive audit logging across 316 API routes.

Q2 2026In Progress

Independent Penetration Test

Third-party penetration test by accredited security firm. Report available to prospective government customers under NDA upon request.

Q3 2026Upcoming

SOC 2 Type II Audit

Formal SOC 2 Type II engagement with accredited assessor. Covers security, availability, and confidentiality trust service criteria.

2027Upcoming

FedRAMP Authorization

FedRAMP Moderate authorization targeting Li-SaaS pathway. SOC 2 foundation accelerates the 3PAO assessment timeline.

Have security questions?

Our security team is available to discuss your organization's specific requirements, provide documentation, or schedule a security review.

Contact Security Team