Your data, properly kept.
A monitoring platform holds sensitive things: hours, screenshots, salaries, books. That's exactly why the security model isn't a page of badges — it's architecture you can ask hard questions about.
Walls enforced at the core.
Each request is fenced from the outside in — and can only ever narrow.
Sealed at the core
Every request is fenced to the active company at the deepest layer of the platform — enforced where the data lives, not just in the app.
Scoped sessions
Your session is scoped to one company at a time; switching companies issues a fresh, narrower key — a stolen session dies on first reuse.
Clients see their slice
Client-portal sessions can only ever narrow what's visible — a client sees their own projects and invoices, never the workspace.
Tested like an attacker
We attack our own walls before every release — any cross-company leak blocks the release, not a customer.
Defaults you'd choose anyway.
Passwords, properly kept
Stored with the strongest modern protection, designed to resist industrial-scale cracking — never readable, never reversible.
Sessions that expire on cue
Signed-in devices renew their keys automatically; anything suspicious cuts the session off everywhere at once.
Encrypted in transit
Every connection is encrypted edge to edge — nothing about your companies ever travels in the clear.
Encrypted at rest
The tracker's offline records are encrypted on your machine, and the key never leaves your device's secure storage.
Ask us the hard questions.
Security is a conversation, not a checkbox. Tell us your threat model — we'll answer it.