Safer Inventory
Security

Built like a vault.

Your inventory is your business. We treat it like ours. Compliance is a roadmap, not a marketing claim — here is exactly where we stand.

PIPEDA aligned · GDPR aligned · Security review planned · External pentest 2026

Tenant isolation, two walls deep

Postgres row-level security on every tenant-scoped table. Application code also filters by org_id, and the org context the policies read is set with SET LOCAL inside every transaction, so it is transaction-scoped and cannot leak to the next user of a pooled connection. Verified by integration tests in CI.

Envelope encryption at rest

AES-256-GCM with a per-record Data Encryption Key (DEK), wrapped under a Key Encryption Key (KEK) held in the environment, never in the database. Annual KEK rotation re-wraps the DEKs; the encrypted payloads themselves are not touched. Plaintext credentials never reach the DB.
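The envelope scheme described above, carried through in code as an added example (not Safer Inventory's own implementation). It assumes KEKs are 32-byte secrets loaded from the environment and looked up by a version label stored beside each wrapped DEK; here they are generated inline for the demo. Two choices beyond the text are assumptions worth copying: the record id is bound into the payload's AAD so a ciphertext cannot be moved to another row, and the KEK version is bound into the wrap's AAD.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Added example (not Safer Inventory's code). KEK lookup by version label,
// AAD bindings and the blob layout are assumptions.

export interface Envelope {
  kekVersion: string;  // which KEK wrapped this record's DEK
  wrappedDek: Buffer;  // iv(12) || ciphertext(32) || tag(16)
  payload: Buffer;     // iv(12) || ciphertext || tag(16)
}

function seal(key: Buffer, plaintext: Buffer, aad: Buffer): Buffer {
  const iv = randomBytes(12); // fresh 96-bit nonce for every GCM call
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, ct, cipher.getAuthTag()]);
}

function open(key: Buffer, blob: Buffer, aad: Buffer): Buffer {
  const iv = blob.subarray(0, 12);
  const tag = blob.subarray(blob.length - 16);
  const ct = blob.subarray(12, blob.length - 16);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // throws on tag mismatch
}

export function encryptRecord(
  keks: Map<string, Buffer>, kekVersion: string, recordId: string, plaintext: Buffer,
): Envelope {
  const kek = keks.get(kekVersion);
  if (!kek) throw new Error(`unknown KEK version ${kekVersion}`);
  const dek = randomBytes(32);                                   // one DEK per record
  const payload = seal(dek, plaintext, Buffer.from(recordId));   // bound to this row
  const wrappedDek = seal(kek, dek, Buffer.from(kekVersion));    // bound to this KEK
  dek.fill(0);
  return { kekVersion, wrappedDek, payload };
}

export function decryptRecord(keks: Map<string, Buffer>, env: Envelope, recordId: string): Buffer {
  const kek = keks.get(env.kekVersion);
  if (!kek) throw new Error(`unknown KEK version ${env.kekVersion}`);
  const dek = open(kek, env.wrappedDek, Buffer.from(env.kekVersion));
  try {
    return open(dek, env.payload, Buffer.from(recordId));
  } finally {
    dek.fill(0);
  }
}

// Rotation: unwrap with the old KEK, re-wrap with the new one. The payload
// bytes are untouched, which is what keeps annual rotation cheap on a large
// table, and the old KEK can be retired once every row carries the new version.
export function rotateKek(keks: Map<string, Buffer>, env: Envelope, newVersion: string): Envelope {
  const oldKek = keks.get(env.kekVersion);
  const newKek = keks.get(newVersion);
  if (!oldKek || !newKek) throw new Error("KEK version not loaded");
  const dek = open(oldKek, env.wrappedDek, Buffer.from(env.kekVersion));
  const wrappedDek = seal(newKek, dek, Buffer.from(newVersion));
  dek.fill(0);
  return { kekVersion: newVersion, wrappedDek, payload: env.payload };
}
```

Because the payload never needs the KEK directly, rotation is a pass over the wrapped-DEK column only; decrypting a payload after rotation must still fail if it is presented under a different record id.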

Authentication + SSO

Clerk-backed identity. Email + password, magic link, Google, Microsoft, GitHub on every plan. SAML SSO and SCIM provisioning on Enterprise. Hardware-key 2FA for admin accounts.

Append-only audit log

Every state-changing API call writes an audit row with user, org, IP, user-agent, action and a before/after diff. Sensitive keys (tokens, secrets, passwords) are redacted before the row is persisted. Export on Pro+.
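An added example of the audit row shape described above, not Safer Inventory's own code: a before/after diff with secret-bearing keys redacted before anything is persisted. The key pattern, the row layout and the rule that a changed secret is recorded as changed but never with its value are assumptions.

```typescript
// Added example (not Safer Inventory's code). Key pattern and row layout are assumptions.

const SENSITIVE_KEY = /token|secret|password|passwd|api[_-]?key|authorization|cookie/i;
const REDACTED = "[REDACTED]";

// Walk a value and replace the value of any key whose name looks sensitive,
// at any depth; everything else is returned unchanged.
export function redact(value: unknown): unknown {
  if (Array.isArray(value)) return value.map(redact);
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = SENSITIVE_KEY.test(k) ? REDACTED : redact(v);
    }
    return out;
  }
  return value;
}

// Top-level diff of two snapshots. The comparison runs on the raw values so a
// rotated secret still shows up as a change; the recorded values are redacted.
export function diff(
  before: Record<string, unknown>,
  after: Record<string, unknown>,
): Record<string, { from: unknown; to: unknown }> {
  const changed: Record<string, { from: unknown; to: unknown }> = {};
  for (const k of Object.keys({ ...before, ...after })) {
    if (JSON.stringify(before[k]) === JSON.stringify(after[k])) continue;
    changed[k] = SENSITIVE_KEY.test(k)
      ? { from: REDACTED, to: REDACTED }                       // changed, value never stored
      : { from: redact(before[k]), to: redact(after[k]) };     // nested secrets still scrubbed
  }
  return changed;
}

export interface AuditContext { userId: string; orgId: string; ip: string; userAgent: string; }

// The row handed to the persistence layer. Nothing here is written before redaction.
export function auditRow(
  ctx: AuditContext, action: string,
  before: Record<string, unknown>, after: Record<string, unknown>,
) {
  return {
    at: new Date().toISOString(),
    user_id: ctx.userId,
    org_id: ctx.orgId,
    ip: ctx.ip,
    user_agent: ctx.userAgent,
    action,
    diff: diff(before, after),
  };
}
```

Redacting on the diff rather than on the stored snapshot means the log still answers "was the API key rotated, by whom, from which IP" without ever holding the key.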

Hosting + data residency

Cloudflare CDN + Supabase Postgres (Toronto, yyz) + Fly.io workers. Customer data never leaves the region you pick. Daily backups with point-in-time recovery; 30-day window on Team+.

Sliding-window rate limits

Per-IP sliding window in middleware (120 req/min) as the first line of abuse throttling, per-org token bucket on app APIs (30/sec burst, 600/min sustained), tighter limits on OAuth and export endpoints. Counters live in Upstash Redis.
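The two limiter shapes described above, with the page's numbers, as an added example that is not Safer Inventory's code: a per-IP sliding window of 120 requests per minute and a per-org token bucket holding 30 tokens that refills at 10 per second (600/min sustained). State is kept in memory here rather than in Upstash Redis, time is injected so the behaviour is deterministic, and the idea that exports cost more than one token is an assumption.

```typescript
// Added example (not Safer Inventory's code). In-memory state; the production
// description keeps counters in Upstash Redis. Per-call "cost" is an assumption.

// Exact sliding window: keep the timestamps inside the last windowMs and
// refuse once there are `limit` of them. Memory is bounded by `limit` per key.
export class SlidingWindow {
  private hits = new Map<string, number[]>();
  constructor(private readonly limit: number, private readonly windowMs: number) {}
  allow(key: string, nowMs: number): boolean {
    const cutoff = nowMs - this.windowMs;
    const recent = (this.hits.get(key) ?? []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      return false;
    }
    recent.push(nowMs);
    this.hits.set(key, recent);
    return true;
  }
}

// Token bucket: capacity bounds the burst, refill rate bounds the sustained
// throughput. 30 tokens refilled at 10/s is 30/sec burst, 600/min sustained.
export class TokenBucket {
  private state = new Map<string, { tokens: number; updatedMs: number }>();
  constructor(private readonly capacity: number, private readonly refillPerSec: number) {}
  allow(key: string, nowMs: number, cost = 1): boolean {
    const s = this.state.get(key) ?? { tokens: this.capacity, updatedMs: nowMs };
    const elapsed = Math.max(0, nowMs - s.updatedMs); // clock going backwards never mints tokens
    s.tokens = Math.min(this.capacity, s.tokens + (elapsed * this.refillPerSec) / 1000);
    s.updatedMs = nowMs;
    const ok = s.tokens >= cost;
    if (ok) s.tokens -= cost;
    this.state.set(key, s);
    return ok;
  }
}

// Middleware-style decision. The IP check runs first so one abusive source is
// cut off before it can drain its whole org's bucket for everyone else.
export function makeAdmit(perIp = new SlidingWindow(120, 60_000), perOrg = new TokenBucket(30, 10)) {
  return (ip: string, orgId: string, nowMs: number, cost = 1): "ok" | "ip-limited" | "org-limited" => {
    if (!perIp.allow(ip, nowMs)) return "ip-limited";
    if (!perOrg.allow(orgId, nowMs, cost)) return "org-limited";
    return "ok";
  };
}
```

The Redis version keeps the same two shapes; what changes is that the timestamp list and the bucket state become atomic Redis operations so that several workers on Fly.io share one view of each key.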

Strict CSP + security headers

Per-request nonce CSP with 'strict-dynamic'. HSTS with a two-year max-age and preload, X-Frame-Options DENY, COOP same-origin; the only inline scripts are the framework's own, each carrying the request nonce. Verified by Mozilla Observatory in CI (target: A+).
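The header set described above, assembled per request, as an added example rather than Safer Inventory's own middleware. The nonce is 128 bits of CSPRNG output, base64 encoded, generated once per response and placed both in the header and on every framework script tag. Directives the text does not name (object-src, base-uri, the CSP2 fallback tokens, X-Content-Type-Options, Referrer-Policy) are assumptions.

```typescript
import { randomBytes } from "node:crypto";

// Added example (not Safer Inventory's code). Directives beyond those the
// page names are assumptions.

// Two years in seconds, the value the HSTS preload list expects.
export const HSTS_TWO_YEARS = "max-age=63072000; includeSubDomains; preload";

// One nonce per response, never reused: 16 random bytes, base64 encoded.
export function newNonce(): string {
  return randomBytes(16).toString("base64");
}

export function cspFor(nonce: string): string {
  return [
    // 'strict-dynamic' trusts scripts loaded by a nonce-bearing script and
    // makes CSP3 browsers ignore 'unsafe-inline' and https:, which stay only
    // as a fallback for older browsers that do not understand nonces.
    `script-src 'nonce-${nonce}' 'strict-dynamic' 'unsafe-inline' https:`,
    "object-src 'none'",
    "base-uri 'none'",
    "frame-ancestors 'none'",
  ].join("; ");
}

export function securityHeaders(nonce: string): Record<string, string> {
  return {
    "Content-Security-Policy": cspFor(nonce),
    "Strict-Transport-Security": HSTS_TWO_YEARS,
    "X-Frame-Options": "DENY",
    "Cross-Origin-Opener-Policy": "same-origin",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
  };
}

// A framework script tag must carry the same nonce or the browser drops it.
// `src` is a build-time asset path here, not user input.
export function scriptTag(nonce: string, src: string): string {
  return `<script nonce="${nonce}" src="${src}"></script>`;
}

// Mirrors the browser's check for one tag: allowed only with a matching nonce.
export function nonceMatches(cspHeader: string, tagNonce: string): boolean {
  return cspHeader.includes(`'nonce-${tagNonce}'`);
}
```

The weak variant to avoid is a static nonce or a nonce derived from the session: an attacker who can read one response then knows the value for every later one, and the policy degrades to 'unsafe-inline'.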

Continuous secret + dep scanning

gitleaks runs on every PR. pnpm audit fails the build at moderate severity or above. The CodeQL extended security query pack runs on every push to main. A weekly scheduled run re-scans main so advisories published after the last commit still surface.

Responsible disclosure

security@saferinventory.com, PGP key linked from /.well-known/security.txt. Initial response within 48 hours and a remediation timeline within 5 business days. Hall of fame for credited researchers.

Control matrix

Specifics, not slogans.

Data

  • AES-256-GCM at rest, TLS 1.3 in transit
  • Envelope encryption with annual KEK rotation
  • Postgres RLS policies on every tenant table
  • Daily backups with point-in-time recovery, 7–30 day window
  • Key rotation runbook, exercised annually

Access

  • Clerk identity + 2FA enforced for admin roles
  • Hardware-key 2FA for production console access
  • Cloudflare Access tunnels — no public DB endpoints
  • Quarterly review of just-in-time (JIT) access grants
  • Annual access review of every internal account

Operations

  • Code review required on every change to main
  • Branch protection + signed commits
  • Sentry error tracking with PII filters
  • Pino structured logs, 30-day retention
  • Incident response runbook + on-call rotation

Vendors

  • Subprocessors listed at /legal/subprocessors
  • DPA available — see /legal/dpa
  • Annual security questionnaire on every Tier-1 vendor
  • No customer data shared with marketing or analytics tools without consent

Compliance roadmap

What's done. What's next.

  • PIPEDA + GDPR aligned: Today
  • CSP A+ on Mozilla Observatory: Today
  • gitleaks + pnpm audit + CodeQL in CI: Today
  • External security review: Planned
  • External penetration test: Annual · Q4 2026 onward
  • Formal compliance audit: Planned
  • ISO 27001: Stretch · Year 2-3
  • HIPAA BAA: On request · Enterprise
  • Bug bounty program: Planned · Year 2

Ready when you are

Open the tool you’ll actually want to open.

14-day trial. No credit card. Connect Shopify and QuickBooks in under 5 minutes.