Security

We take security seriously. This page outlines our controls and practices.

Platform

• Hosted on Google Cloud Platform (GCP); encryption in transit (TLS) and at rest (provider‑managed keys).
• Secret Manager for credentials; least‑privilege IAM; audit logging on sensitive resources.
• Network egress restricted; OIDC between services; scoped service accounts per workload.

Application

• HMAC verification for Shopify webhooks; OIDC for service‑to‑service calls; replay protection and deduplication.
• Input validation and structured logging; rate limiting and exponential backoff for external APIs.
• Tenant isolation via scoped tokens and explicit tenant context on writes.

Identity & access

• Role‑based access controls for operator functions; session cookies with httpOnly and SameSite attributes.
• Administrative access gated via Google IAM; production changes via CI/CD with approvals.

Data protection & retention

• Data minimization: only fields required for event normalization and deliverables are processed.
• Operational logs retained for limited windows appropriate for diagnostics and SLOs.
• Deletion supported via Shopify GDPR topics and operator workflows.

Reliability & backups

• Managed services with regional redundancy where available; durable queues (Pub/Sub) and storage.
• Backups/snapshots for critical data stores per environment policy.

Vulnerability management

• Base image and dependency updates via CI; critical patches prioritized.
• Static checks and linting; infrastructure as code for reproducible environments.

Incident response

• Runbooks for triage and response; post‑incident reviews for material events.
• Security inquiries: msango@convomesh.com.