Security isn't a feature we bolt on — it shapes how A2Z is built.
Every hosted app runs on its own dedicated, isolated service rather than sharing one big server. One app can't reach another's data, and a problem in one never spreads.
Traffic is encrypted in transit with HTTPS (automatically provisioned for every domain), and data is encrypted at rest by our infrastructure providers.
Internal access is limited and least-privilege. Credentials and API keys are stored as secrets, never in your app's source.
Download your full source any time, delete a project to remove its files, or close your account. You're never locked in.
If you believe you've found a vulnerability, please email [email protected] with details. We'll acknowledge it, investigate, and keep you posted. Please give us a reasonable window to fix issues before disclosing them publicly.