Encrypted in transit and at rest
Everything travels over TLS, and your data is encrypted where it’s stored. The API and SDKs are
HTTPS-only — the one exception is loopback, for local development.
Secrets are sealed
Your provider signing secrets, outbound signing keys, and ingest tokens are sealed with a key
management service and only unsealed by the engine that needs them — never sitting in
plaintext.
One organization can't see another
Tenant isolation is enforced by the database itself (row-level security), not by application
code remembering to filter. A query is constrained to its organization at the lowest level.
Delivery can't be turned on your network
Outbound delivery only targets destinations you’ve allowlisted, re-validates every URL, and
refuses private or internal addresses — so a misconfigured destination can’t be used to reach
inside a network.
Private by default
Nothing you create is public, listed, or shared with anyone until you deliberately make it so. There’s no accidental public view of your endpoints or events.Related
The audit log
Verify the record of what happened.
Security & architecture
The full engineering detail.