Security

Security posture

Tenant separation

Customer records are scoped by organization ID. Application queries require an authenticated session and resolve data through the user’s organization membership.

Secrets

Runtime secrets are loaded from environment variables. OAuth tokens are designed to be encrypted with AES-256-GCM before storage.

Payments

Stripe-hosted Checkout handles payment collection. Webhook payloads are verified with Stripe signatures before subscription access is provisioned.

Agent controls

High-risk agent actions should go through approval requests before sending external messages, changing calendars, or committing the company to customer-facing promises.

Logging

Important events are written to an audit log. Webhooks are stored idempotently so repeated provider delivery does not duplicate provisioning work.