Security

How we protect customer and lead data. Last updated: May 18, 2026.

Encryption

  • At rest: Meta access tokens are AES-256-GCM encrypted in our database; sessions are bcrypt + pgcrypto hashed.
  • In transit: TLS 1.2+ enforced via HSTS (max-age=63072000).
  • Database: encrypted at rest by Neon, our Postgres provider.

Authentication & access

  • SSO via Supabase (email + magic link).
  • Server-side session invalidation on sign-out.
  • Per-workspace role model: OWNER, ADMIN, MEMBER, VIEWER.
  • Platform-admin access is locked to an env-allowlist (PLATFORM_ADMIN_EMAILS). No in-app escalation path.

Webhook integrity

  • Meta: HMAC-SHA256 signature verified; fail-closed on bad or missing signature.
  • Twilio: HMAC-SHA1 signature verified; fail-closed.
  • Calendly: svix signature verified; fail-closed.
  • Zoom: HMAC-SHA256 signature verified; fail-closed.

Tenant isolation

  • Every database query is scoped to the caller’s workspaceId, resolved from the server session. Never from the request body.
  • Cross-workspace data access is impossible by design.
  • The demo workspace cannot mutate any real workspace.

Rate limiting & DoS

  • Per-IP token bucket on every unauthenticated endpoint.
  • Vercel edge enforces a 4.5 MB request-body cap.
  • Meta webhook rejects payloads > 64 KB pre-HMAC.

Privacy & compliance

  • TCPA-compliant consent capture at lead intake.
  • GDPR / CCPA delete-on-request (owner-only, with audit trail).
  • Full lead CSV export available per workspace.
  • Audit log for every privileged action.

Monitoring & response

  • Self-monitoring Incident table with Claude Opus diagnosis.
  • Public status page at /status.
  • Real-time multi-service health checks.
  • Workflow-engine watchdog with 15-minute stuck-task recovery.

Responsible disclosure

Report security issues to security@impactingglobalventures.com.

We aim to acknowledge within 24 hours and remediate critical issues within 7 days.