Trust and safety
Enterprise security.
Managed cloud controls, scoped server-side access, and secret-backed integrations protect portfolio and infrastructure data.
Security Architecture
Data Protection
- TLS for application traffic
- Provider-managed encryption at rest for hosted storage
- Deployment secrets for API keys and service credentials
- Server-side access to service-role credentials only
Access Control
- Google OAuth sign-in support
- Session-gated console and compute-desk routes
- Organization-aware API access for compute-desk data
- Agent and ingestion endpoints protected with shared secrets
Infrastructure Security
Platform Security
- Managed hosting and storage providers
- GCS and Supabase persistence when configured
- Runtime config health checks for missing services
- Dependency, lint, test, and build checks before release
Threat Detection
- Provider edge protections where deployed
- CSRF protection on lead-capture flows
- Server logs for auth, lead, and agent events
- Rate limiting on selected compute-desk APIs
Compliance & Certifications
Current
- Privacy policy and terms
- Google OAuth session flow
- Secret-backed internal endpoints
In Progress
- SOC 2 readiness controls
- Vendor security questionnaire pack
- Formal incident response runbook
Documents
- Security overview
- Vendor questionnaires by request
- DPA review by request
- Sub-processor list by request
Security-First Development
Security review is part of the release process. Material changes are expected to include:
- Threat modeling for sensitive data paths
- Static checks, tests, and build verification
- Third-party review when enterprise scope requires it
- Security review before release
We welcome responsible vulnerability reports and route them through the security contact below.
For security questionnaires, audit reports, or to report a vulnerability, contact our security team at security@greencio.com