Security Principles
SupplyGuard should collect less, expose less, and route access through the narrowest path that still makes the product useful.
That principle drives how we think about integrations, stored secrets, and customer data.
Security
Security should be
visible, not vague.
This page explains the security posture we aim for, the operating principles behind the product, and the shared responsibilities that come with using it.
Account And Access
Access to the dashboard is tied to authenticated user sessions. Connected integrations are scoped to the workspace that configured them.
We aim to keep access controls aligned with the user and installation that actually owns the connection.
Secrets And Integrations
Secrets used to operate the product should be stored and handled as production credentials, not pasted around casually or left in code.
Customer-provided integration secrets should be protected in storage and revealed only when needed to complete the requested action.
Monitoring And Response
We use logs, health checks, and operational monitoring to detect failures and investigate incidents.
If we identify a material security issue affecting the product, we should respond quickly, contain the issue, and communicate clearly.
Shared Responsibility
We are responsible for securing the product we operate. Customers are responsible for securing the endpoints, accounts, and workflows they connect to it.
That means strong credentials, careful repo access, and appropriate Slack channel governance still matter.
Report A Security Issue
Report security concerns to tasavour@beneathatree.com.