Security & controls

What we do today, what’s scheduled, and what’s on the roadmap. Honest claims only — anything marked “live” is enforced in code today; anything else has a date.

| Control | Statement | Status |
| --- | --- | --- |
| Authentication | SHA-256 hashed tokens; JWT sessions; password resets time-boxed to 1 hour and hashed at rest; invitations 7-day single-use. | Live |
| Authorisation | Role-based: owner, admin, staff, client, auditor. Per-client login isolation — client sessions are JWT-locked to one client at the query layer (defence in depth). | Live |
| Multi-tenant isolation | Every read helper accepts a tenantId; default is the session's tenant. Cross-tenant access fails closed. Verified with two-tenant tests in CI. | Live |
| Encryption — in transit | TLS 1.2+ end to end. HSTS preload via Vercel. | Live |
| Encryption — at rest | Database: AES-256 on Neon (provider-managed). Signing secrets (DocuSign keys, BYO credentials) re-encrypted application-side with a customer-specific key derived from ENCRYPTION_KEY. | Live |
| Audit trail | auth_events records every login, signup, password reset, invitation, invite acceptance, invoice generation and invoice payment. Per-entity audit_log records every governance decision and document touch. | Live |
| Data residency | Primary infrastructure in the EU (Neon Postgres) and US (Vercel edge). Per-region pinning available on Enterprise on request. | On request |
| Backups & recovery | Neon provides point-in-time recovery (PITR) up to 7 days on production. Daily logical backups retained 30 days. | Live |
| GDPR / UK GDPR / UAE PDPL | Cookie consent required on first visit; data export available; data deletion on request via support@governos.co. | Live |
| SOC 2 Type II | Pre-audit readiness review complete. Type II observation window opens Q3 2026. | In progress |
| ISO 27001 | Statement of applicability in draft. Targeted certification H1 2027. | Roadmap |
| Penetration testing | Annual third-party pentest committed; first scheduled Q4 2026. CVE monitoring on all dependencies via npm audit + Dependabot. | Scheduled |
| Incident response | Status page at /status. Incidents reported within 24h; remediations within 30d. Subscribe via RSS. | Live |
| Vendor due-diligence packet | Available on request to qualified enterprise prospects. Includes architecture diagram, data-flow map, sub-processor list, encryption details, BCP/DR plan, and the latest internal security review. | |
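
The "Multi-tenant isolation" row describes read helpers that default to the session's tenant and fail closed, checked with two-tenant tests. The block below is an added example, not the vendor's code: one way such a helper and its two-tenant check could look, assuming each session is bound to a single tenant; `resolveTenant`, `listDocuments`, `getDocument`, `runTwoTenantChecks`, `TenantAccessError` and the sample rows are hypothetical.

```javascript
// Added example with hypothetical names; an in-memory array stands in for the database.
class TenantAccessError extends Error {}

// Constructed sample rows belonging to two tenants.
const DOCUMENTS = [
  { id: 'doc-1', tenantId: 'tenant-a', title: 'Board minutes' },
  { id: 'doc-2', tenantId: 'tenant-b', title: 'Share register' },
];

// Decide which tenant a read may touch. Assumption: a session is bound to one tenant.
// A missing session tenant or a mismatching tenantId throws; nothing falls back to all rows.
function resolveTenant(session, tenantId) {
  if (!session || typeof session.tenantId !== 'string' || session.tenantId === '') {
    throw new TenantAccessError('session has no tenant');
  }
  const requested = tenantId === undefined ? session.tenantId : tenantId;
  if (requested !== session.tenantId) {
    throw new TenantAccessError('cross-tenant read denied');
  }
  return requested;
}

function listDocuments(session, { tenantId } = {}) {
  const tenant = resolveTenant(session, tenantId);
  return DOCUMENTS.filter((d) => d.tenantId === tenant);
}

function getDocument(session, id, { tenantId } = {}) {
  const tenant = resolveTenant(session, tenantId);
  // Match on tenant AND id, so another tenant's valid id reads as "not found".
  return DOCUMENTS.find((d) => d.tenantId === tenant && d.id === id) || null;
}

// Two-tenant checks; returns the names of failed cases (empty array = isolation holds).
function runTwoTenantChecks() {
  const a = { tenantId: 'tenant-a' };
  const b = { tenantId: 'tenant-b' };
  const denied = (fn) => {
    try { fn(); return false; } catch (e) { return e instanceof TenantAccessError; }
  };
  const cases = {
    'A lists only its own rows': listDocuments(a).map((d) => d.id).join() === 'doc-1',
    'A cannot fetch a B document by id': getDocument(a, 'doc-2') === null,
    'explicit foreign tenantId is denied': denied(() => listDocuments(a, { tenantId: 'tenant-b' })),
    'session without a tenant is denied': denied(() => listDocuments({})),
    'B still reads its own document': getDocument(b, 'doc-2') !== null,
  };
  return Object.keys(cases).filter((name) => !cases[name]);
}
```

In a real data layer the same tenant predicate would sit in every query's WHERE clause, and the check would run in CI against two seeded tenants.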