Auto-refreshes every 20s · Last checked —
Real-time checks against the running production system.
Uptime history is not yet published — these are live checks, not a 90-day average. We show what we can actually measure right now.
A summary of the security work we've shipped and verified in production. Each change went through the same gate: type-checked, tested, built, and confirmed live.
The full production dependency tree passes a clean security audit. Authentication (Clerk), the web framework (Fastify), the database layer (Drizzle ORM), spreadsheet parsing (SheetJS) and the AI SDK were all upgraded to patched releases.
Administrative access moved to session-based authentication with a rotated, environment-held secret for automation (constant-time verified). Team-role changes are bounded so no member can escalate their own privileges.
User-supplied content is HTML-escaped by default across shared page components. The document importer runs with a strict size cap and the risky parser paths disabled. Inbound webhooks are cryptographically signature-verified.
Nothing reaches production without passing type-checking, a 560+ test suite (including security regression tests), and a full build. Branch protection enforces this on every merge.
How we handle your data — the privacy boundary, encryption, access controls, subprocessors, and incident response — is documented on our Trust & Security page.