Security
We take the utmost care of security when handling your data, and always operate on the principle of least privilege. We are happy to explain any further details you may require outside of the information on this page.
What data we process
- Customer usage events and properties coming from your analytics provider (e.g., PostHog) and any metadata you connect (account name, email, plan, tags) for automations and reporting.
- Slack channel identifiers and encrypted tokens for posting alerts (only when you connect Slack).
- We operate on the principle of least privilege: we only access the event streams and properties you grant us.
How data flows and is used
- Events originate in your connected sources (user analytics, billing)
- Automations run in isolated, sandboxed environments with access only to the data sources you’ve enabled.
- Any messages or visualizations are generated strictly within the scope you define.
Encryption, storage and transport
- Data is transmitted over TLS (HTTPS).
- Secrets (API tokens, OAuth credentials) are stored encrypted at rest and used only when required by the service.
- Third-party integrations (PostHog, Slack, etc.) are connected via tokens/OAuth — scopes are limited to what’s necessary.
- We use reputable, compliant infrastructure providers GCP and Microsoft Azure located in the EU.
- All integrations (PostHog, Slack, etc.) use limited scopes and follow the provider’s security standards.
Data retention and deletion
- You can disconnect integrations or delete data at any time.
- We retain minimal logs for operational security and automatically purge inactive data after 30 days.
