We use encryption in transit (TLS) and at rest, role‑based access controls with least privilege, access logging, and Row‑Level Security for multi‑tenant separation. Subprocessors are vetted and bound by Art. 28 GDPR contracts. We conduct vulnerability management and periodic testing.
A coordinated vulnerability disclosure channel is available via medora.ai.dev@gmail.com. Incident response procedures are in place; material incidents are notified per our Privacy Policy.