Built for Enterprise Security
Your architecture data is your competitive advantage. We protect it with the same rigor we help you apply to your governance.
Encryption
Sensitive credentials are protected at rest with strong, well-known cipher suites and per-workspace key derivation. Service credential secrets are stored as one-way hashes. Platform storage is encrypted at rest by Cloudflare, and all traffic is encrypted in transit via TLS.
- Per-workspace key derivation for AI provider credentials
- Service credential secrets stored as one-way hashes
- TLS encryption for all data in transit
- Platform storage encrypted at rest by Cloudflare
Access Control
Role-based access control with Microsoft Entra ID SSO integration. Workspace isolation is enforced at the repository layer with mandatory workspace scoping on every query.
- Microsoft Entra ID (Azure AD) SSO
- Role-based access control (RBAC)
- Composite-key workspace isolation enforced at the repository layer
- Signed token validation on every request
Privacy & Data Handling
We design cajeX around the principles of major privacy frameworks and are building toward formal certification as part of our GA roadmap.
- GDPR-aligned data handling and workspace data export
- DPA available on request
- SOC 2 Type II audit on the pre-GA roadmap
- Workspace-scoped audit log with 90-day retention
Infrastructure
Built on Cloudflare's global edge network. Workers run in hundreds of locations worldwide, with managed database backups and built-in DDoS protection.
- Cloudflare Workers on the global edge
- Automated managed database backups
- Rate limiting and DDoS protection via Cloudflare
- Correlation ID tracking across all services