Security
How we protect customer and lead data. Last updated: May 18, 2026.
Encryption
- At rest: Meta access tokens are AES-256-GCM encrypted in our database; sessions are bcrypt + pgcrypto hashed.
- In transit: TLS 1.2+ enforced via HSTS (max-age=63072000).
- Database: encrypted at rest by Neon, our Postgres provider.
Authentication & access
- SSO via Supabase (email + magic link).
- Server-side session invalidation on sign-out.
- Per-workspace role model: OWNER, ADMIN, MEMBER, VIEWER.
- Platform-admin access is locked to an env-allowlist (PLATFORM_ADMIN_EMAILS). No in-app escalation path.
Webhook integrity
- Meta: HMAC-SHA256 signature verified; fail-closed on bad or missing signature.
- Twilio: HMAC-SHA1 signature verified; fail-closed.
- Calendly: svix signature verified; fail-closed.
- Zoom: HMAC-SHA256 signature verified; fail-closed.
Tenant isolation
- Every database query is scoped to the caller’s
workspaceId, resolved from the server session. Never from the request body. - Cross-workspace data access is impossible by design.
- The demo workspace cannot mutate any real workspace.
Rate limiting & DoS
- Per-IP token bucket on every unauthenticated endpoint.
- Vercel edge enforces a 4.5 MB request-body cap.
- Meta webhook rejects payloads > 64 KB pre-HMAC.
Privacy & compliance
- TCPA-compliant consent capture at lead intake.
- GDPR / CCPA delete-on-request (owner-only, with audit trail).
- Full lead CSV export available per workspace.
- Audit log for every privileged action.
Monitoring & response
- Self-monitoring
Incidenttable with Claude Opus diagnosis. - Public status page at /status.
- Real-time multi-service health checks.
- Workflow-engine watchdog with 15-minute stuck-task recovery.
Responsible disclosure
Report security issues to security@impactingglobalventures.com.
We aim to acknowledge within 24 hours and remediate critical issues within 7 days.