Stripe API Keys
We store all Stripe keys securely, encrypted with AES-256. We rotate the encryption key periodically.
SOC 2 Compliance
Autumn is preparing for a SOC 2 Type 2 compliance audit. Our SOC 2 audit window is expected to start in Q4'25-Q1 26 window.
Backups
All customer databases are backed up to durable storage.
Encryption in Transit
Autumn requires industry-standard Transport Layer Security (versions 1.2+) encryption for all connections. All database services support client certificate verification modes. Critical internal traffic is protected by mutual TLS.
Encryption at Rest
All data volumes, including backups, are encrypted at rest with unique keys specific to each service
Payments and PCI
Credit card payments are processed through Stripe without storing personal credit card information.
Autumn API Keys
Autumn API Keys are encrypted 1-way only, meaning that even in the event of a data breach, no sensitive keys is leaked. We encrypt the keys with SHA-512
