Overview
Draft & Goal is built with security at its core. We understand that your workflows handle sensitive business data, and we take protecting it seriously.Data protection
Encryption
- In transit: All data is encrypted using TLS 1.3
- At rest: Data encrypted using AES-256
Data isolation
- Each organization has isolated data storage
- No cross-organization data access
- Strict access controls
Data retention
- Workflow execution logs retained for 30 days
- You can delete data at any time
- Data exported on account deletion
Authentication
User authentication
- Email + password authentication
- OAuth with Google and Microsoft
- Session management with secure tokens
API authentication
- API keys with configurable permissions
- Key rotation supported
- Usage logging and monitoring
Enterprise features
- SAML 2.0 SSO
- SCIM user provisioning
- Custom authentication policies
Integration security
OAuth connections
- We never store your passwords
- Tokens encrypted at rest
- Automatic token refresh
- Revoke access anytime
API keys
- Encrypted storage
- Never logged in plain text
- Scoped permissions
Infrastructure
Cloud hosting
- Hosted on secure cloud infrastructure
- Geographic redundancy
- Regular security audits
Monitoring
- 24/7 infrastructure monitoring
- Anomaly detection
- Incident response procedures
Compliance
Standards
- GDPR compliant
- SOC 2 Type II
- ISO 27001
- Regular penetration testing
Data processing
- EU data processing available
- Data processing agreements
- Subprocessor transparency
Best practices
For your workflows
- Use environment variables for sensitive data
- Limit API permissions to what’s needed
- Review integrations regularly
- Monitor execution logs for anomalies
For your team
- Use strong passwords or SSO
- Enable 2FA when available
- Review member access quarterly
- Offboard promptly when needed
Reporting issues
Security vulnerabilities
If you discover a security vulnerability, please report it to: [email protected] We take all reports seriously and will respond within 24 hours.Questions?
Contact Security Team
Email us with security questions or concerns