FOUNDING ACCESS First 3 months free — use it in production and tell us what to fix. Claim it →
Security & trust

Built so you can start small and trust us gradually.

We govern identities for a living, so we hold ourselves to the model we'd want as a customer: your data in its own database, a connection that can only read until you say otherwise, and a clean way out. This page is specific on purpose — no badges standing in for answers.

Earn it in steps

You never have to trust us all at once.

Every stage is real work you can stop at. Nothing writes back to your directory until you explicitly turn it on, per connection.

STEP 01
Read-only demo
Explore a seeded sample estate. No signup, nothing of yours involved.
STEP 02
Trial with sample data
Your own isolated workspace, populated with example identities to click through.
STEP 03
Connect a test OU
Point a read-only connection at a small slice of your directory and see real results.
STEP 04
Turn on write-back
Only when you're ready, enable provisioning — per connection, on your terms.
How your data is held

Isolation and least privilege, by construction.

A database per customer

Every customer gets their own database with its own SQL credentials — not a shared table with a tenant column. One customer's login cannot read another customer's data, because it is scoped to a different database entirely. Isolation is enforced by the boundary, not by a WHERE clause we have to remember to write.

Read-only by default

A connection to your directory can only read until you explicitly enable write-back on that specific connection. Discovery, certification, and reporting never need write access — so for most of what the platform does, it simply cannot change anything in your environment.

Credentials encrypted, never logged

Directory and service credentials you enter are encrypted at rest and decrypted only to make the connection you configured. They are never written to logs, never shown back to you in the clear, and never leave your tenant's boundary.

Encrypted in transit and at rest

All traffic is HTTPS (HSTS, TLS). Data at rest sits on Azure SQL with transparent data encryption. The platform runs in Microsoft Azure; we can confirm the specific region for your tenant on request.

Backups, deletion & who can see your data

The questions a security review actually asks.

How are we backed up, and can we recover a point in time?
Tenant databases run on Azure SQL with point-in-time restore, so we can roll a database back to a moment within the retention window if something goes wrong.
What happens to our data if we leave?
You can export your data while your tenant is active. On cancellation your tenant goes read-only for a grace period so you can still export, after which the tenant database is deleted. We don't hold your data hostage, and we don't keep it indefinitely once you're gone.
Who at the vendor can access our data?
Routine operation does not require anyone on our side to read your tenant data. When support genuinely needs to act on your account, that access is break-glass and logged — a deliberate, recorded action, not standing access. Account Managers act on your account through audited operations, never by quietly assuming your session.
Do you enforce MFA and least privilege on your own staff?
Yes. Staff access to the operations console requires multi-factor sign-in, and staff roles are scoped — a support agent handling a ticket does not get customer-administration powers.
Where are you on compliance certifications?
We're an early, focused product and we'll be straight with you: formal SOC 2 attestation is on the roadmap, not in hand today. We complete security questionnaires on request and we'd rather earn a mid-market team's trust with a specific, honest answer than a logo we haven't verified.

Start where you're comfortable.

Explore the read-only demo, or send us your security questionnaire — we answer specifics.