Security
Security and compliance
How hosted artifact protection, deletion, audit records, and authentication safeguards work.
Last updated: July 16, 2026
Hosted artifact copies use envelope encryption. Without the deployment artifact key, durable uploads are disabled.
See the Data Processing Agreement for the governing terms.
Organization administrators can request account and data subject deletion. Project deletion runs as a resumable job.
See the Data Processing Agreement for the governing terms.
Administrative changes have a tenant audit trail with CSV export.
See the Data Processing Agreement for the governing terms.
Authentication surfaces are rate limited and retention purge runs are measured and audited.
See the Data Processing Agreement for the governing terms.