Security at Dathent
We protect your data with secure infrastructure, careful access control, and privacy-first practices.
Data Protection
Encryption in transit
All traffic between you, our APIs, and our backends is encrypted with TLS 1.2 or higher. HSTS is enforced on every public domain.
Encryption at rest
Customer data is encrypted at rest with AES-256. Encryption keys are managed by our cloud provider's KMS with strict rotation.
Secure storage
Production data lives in isolated tenant scopes with no public network paths. Object storage buckets are private by default and audited continuously.
Infrastructure
Cloud infrastructure
Dathent runs on Cloudflare's tier-1 edge network (Workers, D1, R2, Queues) across global regions. Compute is stateless and distributed; storage is replicated.
Backups
We take continuous incremental backups of customer databases with point-in-time recovery for the last 35 days. Restores are tested quarterly.
Monitoring
Infrastructure metrics, application logs, and audit trails feed into 24/7 monitoring with on-call rotation. Anomalies trigger paged alerts.
Access Control
Role-based access
Customer workspaces support roles (Owner, Admin, Editor, Viewer) with granular permissions on projects, integrations, and billing.
MFA support
All accounts can enable multi-factor authentication. SSO with SAML and SCIM provisioning are available on Business plans.
Limited internal access
Engineer access to production is just-in-time, hardware-key gated, time-bound, and fully audited. Customer content is never accessed without an explicit support ticket.
Privacy-first practices
We do not sell user data
Your data is yours. We do not sell, rent, or trade personal information or customer content with third parties.
Minimal data access
We collect and retain only what we need to run the product. Pseudonymization and aggregation are applied wherever possible.
Secure integrations
OAuth scopes are requested at the minimum necessary level. Tokens are encrypted, rotated, and revocable from your settings.
Incident Response
Monitoring
Security signals from infrastructure, application, and identity providers stream into a central log pipeline with automated detection rules.
Response process
We follow a documented incident response playbook with defined severities, on-call escalation, customer notification SLAs, and a written postmortem for every Sev-1.
Found something? Email security@dathent.ai. We acknowledge reports within one business day and welcome coordinated disclosure.
Have a security question?
Our security team is happy to walk you through our controls, share our latest reports, or coordinate a vulnerability disclosure.
Contact Security