Your members hand you their attention, their wins, and their data. We treat protecting it as the foundation everything else sits on. Here's how we keep every team's information isolated, encrypted, and yours, in plain language.
Every team gets its own walled-off space. Separation isn't left to application code to remember: it's enforced at the data layer, checked on every read and write, so one team can never see or touch another team's information.
Traffic between your people and MyCadre is protected with modern TLS, so nothing travels in the clear. Stored data is encrypted at rest with AES-256, so the copy on disk is protected too.
Sign in with email and password or with Google. Passwords are never stored in a readable form, only as a salted, hashed value. Sessions can be revoked instantly, and resetting a password signs that account out everywhere.
People and systems get only the access they need, and nothing more. Sensitive administrative actions are limited to narrow, audited paths, not part of everyday operation, so a single mistake stays contained.
When your team connects a tool, those credentials are encrypted and scoped to your team alone. They're used only at the moment they're needed, never written to logs, and never shared across customers.
Your team's data is yours. We hold it to run your cadre, never to sell it and never to train shared models across customers. You can export it whenever you want, and if you leave, we remove it.
Good security doesn't lean on a single safeguard. We stack independent protections so that no single mistake can leak data across teams.
Each request resolves which team you belong to and tags every query with it before it touches stored data.
The data layer re-checks your team on every read and write, so the rule holds even if a bug somewhere forgets to.
The running platform holds only the privileges it needs, and isn't allowed to bypass those checks in the first place.
You answer to your members, and sometimes to regulators. We give you the controls and the paperwork to stand behind that.
Our practices are built to support GDPR and CCPA, including the right to access, export, correct, and delete personal data. We'll help you meet your obligations to your own members.
Need a signed DPA, a security questionnaire, or a sub-processor list for your review? We're glad to provide them. Reach out and we'll get you what your team needs.
Your data is backed up regularly and the platform is monitored continuously, so we can recover quickly and keep your team's experience running.
We build around the controls behind widely recognized security frameworks. We'll be transparent about where we are on formal certification and share our current posture on request, no hand-waving.
Your team's information stays your team's information. We don't sell it, and we don't train shared models on it across customers. Export it whenever you like, and if you ever leave, we remove it. That's the deal, written plainly.
Found a security issue? We want to hear from you. Email security@mycadre.ai and we'll respond quickly. We won't pursue good-faith researchers who report responsibly.
Pick a plan, or talk to us about your team's security and compliance needs. We're glad to walk through the details.