Security
AltaClario is designed from day one to hold workspace data that delivery teams consider sensitive — sprint scope, capacity, dependencies, people. Here's how that data is protected.
Credential handling
- Account passwords are hashed with a modern key-derivation function — plaintext is never stored or logged.
- Two-factor authentication (TOTP) is optional but strongly recommended. You can enable it during onboarding or any time from account settings; backup codes are stored only as SHA-256 hashes.
- Provider credentials (Jira API tokens, Azure DevOps PATs) are encrypted with AES-GCM, keyed from APP_SECRET via HKDF at decrypt time — plaintext never leaves the server process.
- Password-reset tokens are single-use and time-limited; the raw token lives only in the email.
Transport & session
- HTTPS is enforced in production, with HSTS set.
- A Content Security Policy is applied to every response, alongside strict X-Frame-Options, Referrer-Policy, and Permissions-Policy headers.
- Sessions use short-lived access tokens validated server-side on every request and refreshed transparently via secure, HTTP-only cookies.
- Sensitive areas (account settings, billing) require a fresh password re-prompt even while signed in.
Tenant isolation
- Every row holding workspace data is scoped by org_id, and route handlers enforce that scope through a single shared helper — a misbehaving endpoint can't leak across tenants.
- Role-based access (owner, admin, member, viewer); sensitive endpoints require the minimum necessary role.
Abuse prevention
- Per-IP rate limits on signup, sign-in, password reset, and other sensitive endpoints.
- A full audit log of administrative actions, retained for the life of the workspace.
- Analytics tokens and share links are stripped from URLs before they reach any third party.
Responsible disclosure
Found something? Click Contact support and choose “Security vulnerability,” with details and a proof-of-concept. We aim to acknowledge within one business day and keep you updated through remediation.