Settings
Organization profile, security posture, gateways, and integrations.
Organization profile
Visible to teammates and on invoices
AC
PNG or SVG, 256×256 minimum, square aspect
Projects
Each project is its own scope for virtual keys
| Project | Virtual keys | Spend (mtd) | Created |
|---|
Security & SSO
Applied to every member of Acme
Require 2FA
Members must enroll WebAuthn or TOTP within 7 days. 3 members non-compliant.
IP allowlist
Only requests from listed CIDRs are accepted. 2 ranges configured
Session timeout
Members are signed out after this period of inactivity.
SAML SSO — Okta
Connected, 11 of 12 members provisioned via SCIM
Audit log retention
Full request log including prompts, responses, and metadata.
Webhooks
Notify external services when key events fire
| Endpoint | Events | Last delivery | Status |
|---|
Compliance & data
Reports and agreements available on request
SOC 2 Type II
Reissued Q1 2026, auditor: A-LIGN
GDPR DPA
Standard contractual clauses, v3.2
HIPAA BAA
Available on Enterprise, contact sales
Data residency
Pin all traffic to EU, adds 14ms p50
Danger zone
These actions are irreversible
Transfer ownership
Move billing and admin rights to another member.
Delete organization
Revoke all keys, delete logs after the retention period, cancel all invoices.