The fundamentals, done properly.
Authentication
Sign-in is handled by Firebase Authentication using industry-standard OIDC tokens. Every request to the platform is verified server-side before it reaches your data.
Tenant isolation
Every workspace is a separate tenant. Data is scoped to its tenant at the database level, and access is checked against your membership on every request. One workspace can never read another's data.
Encryption
All traffic is encrypted in transit with TLS. Data at rest is encrypted by our cloud providers. Card details are handled by our payment processor and never stored on our systems.
Access control
Roles separate clients, staff, and admins, and staff-only surfaces require an extra permission check. Internal access to customer data is limited to what's needed to operate and support the service.
Data handling
You can export your content at any time. When you delete a workspace, your data is hard-deleted from active systems within 30 days, and backups cycle out shortly after.
Infrastructure
In-House runs on established cloud platforms for hosting, database, and storage. We do not train shared AI models on your business data.
What we're still building.
SOC 2
We're working toward a SOC 2 Type II report. Until it's complete we won't claim it; this page will be updated when it lands.
Bug bounty
A formal disclosure program is being set up. In the meantime, we welcome reports directly and will always credit researchers who report in good faith.
Found something? Tell us.
If you believe you've found a security issue, email security@get-ih.com with the details and steps to reproduce. We take every report seriously, respond quickly, and will keep you updated through to a fix. Please give us a reasonable window to resolve it before any public disclosure.