Security
Security isn't a feature.
It's the architecture.
End-to-end encrypted co-browse. AES-256-GCM encryption at rest. Argon2ID authentication. HMAC-signed webhooks. No session recording. Zero-knowledge by design.
Platform
Hardened across every layer.
From authentication to encryption to audit logging — security is built into the foundation, not bolted on.
AES-256-GCM
Authenticated encryption at rest for all sensitive data. Versioned keys with rotation support.
Argon2ID + Passkeys
Memory-hard password hashing, TOTP two-factor, WebAuthn passkeys, and magic links.
Two-token sessions
Short-lived access tokens with rotating refresh tokens. Replay detection revokes the entire token family.
Zero-knowledge co-browse
ECDH key exchange + AES-256-GCM end-to-end. Screen data never readable by our servers.
Full audit trail
Login attempts, session history, API key lifecycle, and security events — logged with actor, IP, and device.
Scoped API keys
Granular read/write permissions per key. Rotation, revocation, HMAC-signed webhooks, and rate limiting.
Deep dives
Product-specific security architecture.
Each product has its own security model. Read the full architecture for the ones that matter to you.
Visual Assist (Co-browse)
End-to-end ECDH + AES-256-GCM encryption. Zero-knowledge server design. No session recording. Ephemeral keys per session. Multi-agent key routing.
Read architecture
Live Chat
AES-256-GCM encryption at rest for visitor PII. Argon2ID password hashing. Two-token session rotation with replay detection. HMAC-signed webhooks.
Read architecture
Email (Shared Inbox)
Per-tenant envelope encryption with KMS-wrapped keys. AES-256-GCM at rest, separated search layer, minimal OAuth scopes, and cryptographically verified inbound delivery.
Read architecture
Questions? Need an audit?
Contact our security team for architecture reviews, compliance documentation, or penetration test coordination.