Security as a foundation, not a checklist.

ALTITUDE handles your customer relationships, your Gmail threads, your Google reviews. We treat that responsibility the way it deserves to be treated — encrypted, audited, scoped, and revocable.

The pillars

Six foundational practices that govern how every byte of your data is handled.

Encryption in transit and at rest

TLS 1.2+ for every connection. Data at rest encrypted with AES-256 across our database, file storage, and backups.

OAuth, not password storage

Gmail, Outlook, Google Business Profile, Google Ads, Meta, and Twilio all connect via OAuth. We never see, store, or transmit your account passwords.

Limited Use compliance

Google user data is used solely to power user-facing features. Never used to train AI models. Never sold. Never transferred outside disclosed cases.

Role-based access control

Owner, Admin, Manager, and Member roles. Per-pipeline visibility. Per-contact ownership. Audit log on every permission change.

Workspace isolation

Your data is partitioned at the database level. No ALTITUDE customer can see another customer's contacts, threads, or attachments — period.

Audit log

Every login, permission change, contact export, and integration connect is logged with actor, timestamp, and source IP. Exportable on request.

Infrastructure & operations

Infrastructure

ALTITUDE runs on Vercel (Edge), Supabase (Postgres + Auth), and Cloudflare. All providers offer SOC 2 Type II reports we audit annually.

Backups & disaster recovery

Daily encrypted off-site backups with 30-day retention. RTO target 4 hours; RPO target 24 hours. Tested quarterly.

Data residency

Primary data in US-East. EU residency available for Business and Enterprise plans on request — talk to us at /contact.

Common questions

What about SOC 2?

ALTITUDE is currently undergoing SOC 2 Type II audit. Sub-processors (Vercel, Supabase, Cloudflare) are SOC 2 Type II certified. Talk to us for our most recent SOC 2 readiness letter and sub-processor list.

How do I revoke access I gave to ALTITUDE?

Disconnect any integration in Workspace Settings → Integrations. For Google specifically, you can additionally revoke at https://myaccount.google.com/permissions. Revocation is honored immediately and synced data is deleted on a rolling 30-day schedule unless you explicitly request earlier deletion.

Where can I read your full Privacy Policy?

See /privacy. The Google API / Limited Use section was last updated April 18, 2026.

Do you support SSO?

SAML SSO is available on the Business plan and above. SCIM provisioning for larger teams is on the 2026 roadmap — talk to us at /contact for your timeline.

Need a deeper review?

Procurement, IT, or legal evaluating ALTITUDE? We'll send our SOC 2 readiness letter, sub-processor list, and DPA on request.

Contact security

Your move

Connect the chain.
Stop the leaks.

From the first ad click to the paid invoice and the five-star review — one workflow, one record, one place to look.

Start free trial

No credit card
Full ALTITUDE from day one
Cancel anytime

The pillars

Six foundational practices that govern how every byte of your data is handled.

Encryption in transit and at rest

TLS 1.2+ for every connection. Data at rest encrypted with AES-256 across our database, file storage, and backups.

OAuth, not password storage

Gmail, Outlook, Google Business Profile, Google Ads, Meta, and Twilio all connect via OAuth. We never see, store, or transmit your account passwords.

Limited Use compliance

Google user data is used solely to power user-facing features. Never used to train AI models. Never sold. Never transferred outside disclosed cases.

Role-based access control

Owner, Admin, Manager, and Member roles. Per-pipeline visibility. Per-contact ownership. Audit log on every permission change.

Workspace isolation

Your data is partitioned at the database level. No ALTITUDE customer can see another customer's contacts, threads, or attachments — period.

Audit log

Every login, permission change, contact export, and integration connect is logged with actor, timestamp, and source IP. Exportable on request.

Infrastructure & operations

Infrastructure

ALTITUDE runs on Vercel (Edge), Supabase (Postgres + Auth), and Cloudflare. All providers offer SOC 2 Type II reports we audit annually.

Backups & disaster recovery

Daily encrypted off-site backups with 30-day retention. RTO target 4 hours; RPO target 24 hours. Tested quarterly.

Data residency

Primary data in US-East. EU residency available for Business and Enterprise plans on request — talk to us at /contact.

Common questions

What about SOC 2?

How do I revoke access I gave to ALTITUDE?

Where can I read your full Privacy Policy?

See /privacy. The Google API / Limited Use section was last updated April 18, 2026.

Do you support SSO?

SAML SSO is available on the Business plan and above. SCIM provisioning for larger teams is on the 2026 roadmap — talk to us at /contact for your timeline.

Security as a foundation, not a checklist.

The pillars

Encryption in transit and at rest

OAuth, not password storage

Limited Use compliance

Role-based access control

Workspace isolation

Audit log

Infrastructure & operations

Infrastructure

Backups & disaster recovery

Data residency

Common questions

What about SOC 2?

How do I revoke access I gave to ALTITUDE?

Where can I read your full Privacy Policy?

Do you support SSO?

Need a deeper review?

Connect the chain. Stop the leaks.

Security as a foundation, not a checklist.

The pillars

Encryption in transit and at rest

OAuth, not password storage

Limited Use compliance

Role-based access control

Workspace isolation

Audit log

Infrastructure & operations

Infrastructure

Backups & disaster recovery

Data residency

Common questions

What about SOC 2?

How do I revoke access I gave to ALTITUDE?

Where can I read your full Privacy Policy?

Do you support SSO?

Need a deeper review?

Connect the chain. Stop the leaks.

Connect the chain.
Stop the leaks.

Connect the chain.
Stop the leaks.