How we protect your data
- Encryption in transit — all traffic is served over HTTPS/TLS.
- Password hashing — passwords are stored using salted PBKDF2 hashing; we never see your plaintext password.
- Tenant isolation — every query is scoped to your account; users cannot access each other's data.
- Application hardening — CSRF protection on forms, rate limiting, and strict security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy).
- Least privilege & backups — restricted access to production and regular backups.
Responsible disclosure
If you believe you've found a security issue, please email security@11wit.com with details. Please don't access other users' data or disrupt the service while testing. We'll acknowledge your report and work with you on a fix.
Honest status
We are an early-stage company and describe our controls truthfully rather than claiming certifications we don't yet hold. As we grow, we will pursue formal audits and update this page accordingly.