Passwordless sign-in — accounts sign in with an email magic link or Google, so there's no password to phish, weaken, or reuse.
Active session control — review and sign out sessions from your Profile.
Multi-factor authentication — required for privileged platform-staff access.
Tenant isolation — your workspace's data is kept separate from other customers' at the data layer.
Encryption — data is encrypted in transit and at rest, and sensitive stored credentials (like the provider tokens you connect) are additionally encrypted at the application layer.
EU hosting — primary infrastructure runs in the EU (Frankfurt).
For the full picture — including how we handle sub-processors and responsible disclosure — see the Security page. To report a vulnerability, email [email protected].