Back to Home

Security

Last updated: March 18, 2026

Identity controls

Authenticated routes, role-based access, and company-scoped data isolation.

Encrypted data

TLS in transit and managed encrypted storage for application data and files.

Operational safeguards

Audit trails, activity logging, change controls, and restricted administrative access.

Incident response

Issue triage, rollback procedures, and customer notification workflows for material incidents.

1. Platform security model

SiteProc is designed around authenticated access, company-level data separation, and least-privilege authorization. Sensitive operations are scoped to the authenticated user and the user's company context.

2. Data protection

  • Encrypted transport using HTTPS/TLS
  • Managed encrypted storage for relational data, uploaded files, and backups
  • Role-based permissions and row-level security for multi-tenant access control
  • Restricted administrative operations and server-side secret handling

3. Application controls

  • Authentication checks on protected APIs and user flows
  • Security headers including HSTS, content-type protections, and frame protections
  • Operational monitoring, error reporting, and deployment verification before release
  • Environment-based configuration for third-party services and credentials

4. Secure development practices

We review launch-critical code paths for authorization, error leakage, and tenant isolation. Changes are validated through production builds and targeted deployment verification before release.

5. Incident reporting

If you believe you have found a security issue, email security@siteproc.com with steps to reproduce and any supporting detail. Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and remediate.

6. Shared responsibility

Customers are responsible for managing user access within their organization, using strong passwords, and promptly revoking access for former team members.