Security

1. Overview

• Security is designed into core flows: authentication, role-aware access, and tenant separation.
• We aim to reduce risk through least-privilege access and defense-in-depth controls.
• We continuously improve safeguards based on operational learnings and risk assessment.

2. Data protection

• Encryption in transit: HTTPS/TLS is used for web traffic and API requests.
• Encryption at rest: Customer data is stored on managed cloud infrastructure with encryption at rest.
• Backups & resilience: We rely on managed platform features and operational safeguards to support availability and recovery.

3. Access controls

• Authentication: user sign-in is required to access the application.
• Authorization: access to data and operations is controlled by roles/permissions.
• Tenant boundaries: data access is scoped by tenant to reduce cross-organization exposure.
• Auditability: key changes are designed to be reviewable through application history/logging where available.

4. Monitoring and abuse prevention

We monitor for reliability and security issues. Depending on configuration, this may include error/performance monitoring and anti-abuse protections on public forms.

For details on optional monitoring and storage technologies, see our Privacy Policy.

5. Incident response

• We triage and investigate suspected security incidents.
• We take reasonable steps to contain impact and remediate root causes.
• When appropriate, we notify affected customers consistent with applicable obligations and contracts.

6. Subprocessors

We use trusted third-party providers to help operate the Service (for example: hosting and monitoring). For an enterprise-friendly list, see our Subprocessors page.

Contact

Security questions? Email Support@metricflowiq.com.