Security through architecture, not just promises.
Your Stewart instance is accessible only through authenticated sessions. Multi-factor authentication is available and recommended. API access requires scoped tokens with explicit permissions.
Stewart requests only the minimum permissions needed for each integration. When you connect external services, you control exactly what Stewart can access and what it can't.
All external actions are logged with timestamps, approval records, and execution details. You can review this audit trail at any time through your dashboard.
Cloud components run on established infrastructure providers with SOC 2 compliance. Local components run on your hardware with your network security. Data in transit is encrypted. Data at rest follows provider and local security configurations.
In the event of a security incident, affected users are notified within 72 hours with clear information about what happened, what data was affected, and what actions to take.