Security & trust

Trust is the product.

Your members hand you their attention, their wins, and their data. We treat protecting it as the foundation everything else sits on. Here's how we keep every team's information isolated, encrypted, and yours, in plain language.

isolation by defaultencrypted in transitencrypted at restleast privilegeprivacy first

Isolation by default

Every team gets its own walled-off space. Separation isn't left to application code to remember: it's enforced at the data layer, checked on every read and write, so one team can never see or touch another team's information.

Encrypted in transit and at rest

Traffic between your people and MyCadre is protected with modern TLS, so nothing travels in the clear. Stored data is encrypted at rest with AES-256, so the copy on disk is protected too.

Strong, revocable sign-in

Sign in with email and password or with Google. Passwords are never stored in a readable form, only as a salted, hashed value. Sessions can be revoked instantly, and resetting a password signs that account out everywhere.

Least-privilege access

People and systems get only the access they need, and nothing more. Sensitive administrative actions are limited to narrow, audited paths, not part of everyday operation, so a single mistake stays contained.

Protected integrations

When your team connects a tool, those credentials are encrypted and scoped to your team alone. They're used only at the moment they're needed, never written to logs, and never shared across customers.

You own your data

Your team's data is yours. We hold it to run your cadre, never to sell it and never to train shared models across customers. You can export it whenever you want, and if you leave, we remove it.

Defense in depth

Layered, so one slip can't expose another team.

Good security doesn't lean on a single safeguard. We stack independent protections so that no single mistake can leak data across teams.

LAYER 01

Scoped on every request

Each request resolves which team you belong to and tags every query with it before it touches stored data.

LAYER 02

Enforced in the data layer

The data layer re-checks your team on every read and write, so the rule holds even if a bug somewhere forgets to.

LAYER 03

Constrained by role

The running platform holds only the privileges it needs, and isn't allowed to bypass those checks in the first place.

Privacy & compliance

Built to meet you where your obligations are.

You answer to your members, and sometimes to regulators. We give you the controls and the paperwork to stand behind that.

Privacy regulations

Our practices are built to support GDPR and CCPA, including the right to access, export, correct, and delete personal data. We'll help you meet your obligations to your own members.

Data processing agreement

Need a signed DPA, a security questionnaire, or a sub-processor list for your review? We're glad to provide them. Reach out and we'll get you what your team needs.

Resilience and recovery

Your data is backed up regularly and the platform is monitored continuously, so we can recover quickly and keep your team's experience running.

Standards and certification

We build around the controls behind widely recognized security frameworks. We'll be transparent about where we are on formal certification and share our current posture on request, no hand-waving.

Your data, your terms

We hold your data to serve you, not to mine it.

Your team's information stays your team's information. We don't sell it, and we don't train shared models on it across customers. Export it whenever you like, and if you ever leave, we remove it. That's the deal, written plainly.

Found a security issue? We want to hear from you. Email security@mycadre.ai and we'll respond quickly. We won't pursue good-faith researchers who report responsibly.

OwnershipYours
Cross-team accessNone
Sold or minedNever

Bring your team somewhere they can trust.

Pick a plan, or talk to us about your team's security and compliance needs. We're glad to walk through the details.