Security isn't a feature.
It's the architecture.
End-to-end encrypted co-browse. AES-256-GCM encryption at rest. Argon2id authentication. Zero-knowledge by design.
Hardened across every layer
From authentication to encryption to audit logging — security is built into the foundation, not bolted on.
AES-256-GCM
Authenticated encryption at rest for all sensitive data. Per-tenant data encryption keys with automatic rotation.
Argon2id + Passkeys
Memory-hard password hashing with TOTP two-factor, WebAuthn passkeys, and magic link authentication.
Two-token sessions
Short-lived access tokens with rotating refresh tokens. Replay detection revokes the entire token family.
Zero-knowledge co-browse
ECDH key exchange + AES-256-GCM end-to-end encryption. Screen data is never readable by our servers.
Full audit trail
Login attempts, session history, API key lifecycle, and security events — logged with actor, IP, and device.
HMAC-signed webhooks
Every webhook is signed with HMAC-SHA256. Scoped API keys with granular permission control.
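The "Two-token sessions" item above says that replaying a rotated refresh token revokes the entire token family. The following sketch models that rule; it is an added example, not this product's code, and the class and method names (`RefreshTokenStore`, `login`, `rotate`) are hypothetical. It assumes an in-memory store and leaves out token expiry and the access-token side.

```python
import hashlib
import secrets


class RefreshTokenStore:
    """In-memory model of rotating refresh tokens grouped into families."""

    def __init__(self):
        self._tokens = {}      # sha256(token) -> {"family": id, "used": bool}
        self._revoked = set()  # family ids that have been revoked

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, family):
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {"family": family, "used": False}
        return token

    def login(self):
        """Start a new token family after a successful authentication."""
        return self._issue(secrets.token_hex(8))

    def rotate(self, token):
        """Exchange a refresh token for its successor, or return None."""
        record = self._tokens.get(self._digest(token))
        if record is None or record["family"] in self._revoked:
            return None
        if record["used"]:
            # Replay: an already-rotated token came back, so a copy of it
            # exists outside the legitimate client. Revoke the whole family.
            self._revoked.add(record["family"])
            return None
        record["used"] = True
        return self._issue(record["family"])


def demo():
    store = RefreshTokenStore()
    t1 = store.login()
    t2 = store.rotate(t1)                # legitimate rotation
    replay = store.rotate(t1)            # constructed replay of the old token
    after = store.rotate(t2)             # the newest token is dead as well
    other = store.rotate(store.login())  # an unrelated family still works
    return t2 is not None, replay, after, other is not None
```

Because the replay cannot be attributed to either holder of the token, both lose the session and the user has to authenticate again.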
Per-tenant keys. Automatic rotation.
All message bodies are encrypted with AES-256-GCM using per-tenant data encryption keys. DEKs are wrapped with master keys and rotated automatically.
- Per-tenant data encryption keys (DEKs)
- Hardware-backed key management with automatic rotation
- OpenSearch for encrypted search indexing
- Enterprise customers can bring their own keys
End-to-end encrypted. Zero knowledge.
Visual Assist uses ECDH key exchange to establish a shared secret between the agent and visitor. All screen data is encrypted with AES-256-GCM before leaving the browser. Our servers route ciphertext they can never decrypt.
- ECDH key exchange — keys never leave the browser
- Visual element picker to exclude sensitive fields
- No session recording, no replay, no server-side storage
- Explicit visitor consent for remote control
Deep-dive by product
Every product has its own security architecture. Explore the details.