Security
Built for revenue teams. Hardened for security teams.
What we do to protect your data, your customers' data, and the trust your team places in us.
Encryption
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Backups are encrypted with the same key envelope.
Access controls
Per-organization isolation, role-based access for owners/admins/members, and per-integration scopes. We only request the minimum from each connected tool.
Authentication
Magic-link and password auth on the standard plan; SSO (SAML / OIDC) on Enterprise. Sessions scoped per subdomain.
Tenant isolation
Each customer's data lives behind a separate organization id enforced at every query — including by middleware before requests reach the app.
Auditability
Enterprise customers get an audit log of administrative actions, integration connects, and agent invocations.
Responsible AI
Your data is not used to train third-party models. Bring your own AI keys on Team and Enterprise to keep agent calls inside your account.
Need our security packet?
Enterprise customers can request the full security review packet, DPA, and a sub-processor list. Email security@medusaos.ai.
Start your command center.
Connect your tools and set your first goal in under a minute. Free to try, no credit card required.