Security Architecture
Operate with zero-compromise security from day one. Identity, data, and runtime protection are woven into the edge.
- Identity: Auth0 SSO/SAML, MFA, anomaly detection, short-lived tokens
- Authorization: RBAC in app, RLS in database, least-privilege scopes
- Runtime: Cloudflare WAF, Durable Object isolation, origin validation for WebSockets
- Secrets: Encrypted at rest, never logged; rotation playbooks
- Auditability: Structured logs, immutable audit trails, alerting
Identity and Access
- Auth0 tenants, connections, and Organizations for multi-tenant RBAC
- MFA enforced on privileged roles
- Scopes per API domain: chat:write, integrations:read, billing:manage
- Token rotation cadence and back-channel logout
Data Protection
- Supabase RLS: tenant boundaries and per-user row policies
- Encryption: at rest and in transit; keys rotated per policy
- Data retention and deletion SLAs (configurable per customer)
Runtime Safeguards
- Cloudflare WAF and anycast edge mitigate DDoS
- WebSocket origin checks and heartbeats
- Durable Object per-tenant sharding to isolate state
Threat Modeling
| Threat | Mitigation | Monitoring |
|---|---|---|
| Token theft | Short TTLs, rotation, device checks | Auth0 logs, anomaly flags |
| DDoS | WAF + rate limits | Cloudflare Analytics |
| Data exfil | RLS, encryption, scoped tokens | Supabase audits |
| Injection | Input validation, content sanitization | WAF rule hits, error-rate alerts |
Compliance Map
- SOC 2 readiness (controls for security, availability)
- GDPR/DSAR workflows (export/delete)
- PCI scope minimized; Stripe handles card data
