Security

AltaClario is designed from day one to hold workspace data that delivery teams consider sensitive — sprint scope, capacity, dependencies, people. Here's how that data is protected.

Credential handling

  • Account passwords are hashed with a modern key-derivation function. Plaintext passwords are never stored or logged on our side.
  • A second factor (TOTP) is required on every account before workspace access. Backup codes are stored only as SHA-256 hashes.
  • Provider credentials (Jira API tokens, Azure DevOps PATs) are encrypted at rest with AES-GCM. The data-encryption key itself is never stored: it is derived from APP_SECRET via HKDF each time a credential is sealed or opened, and plaintext credentials never leave the server process.
  • Password reset tokens are issued as single-use, time-limited links; the raw token lives only in the reset email.

Transport & session

  • HTTPS is enforced in production, and HSTS is set so a browser that has seen the site once refuses to fall back to plain HTTP.
  • A Content Security Policy (CSP) is applied to every response, along with strict X-Frame-Options, Referrer-Policy, and Permissions-Policy headers.
  • Sessions use short-lived JWT access tokens, validated server-side on every request, and refreshed transparently through Secure, HttpOnly cookies.
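Server-side validation of the access token, as an added example in Go (not the page's or the product's code) using only the standard library. It assumes HS256-signed tokens carrying sub, org_id and exp claims; those names, the signing key and the clock handling are assumptions for the example. The point it makes is which checks have to happen, and in what order, before any claim is trusted: pin the algorithm so an alg:none or key-confusion header is rejected, compare the signature in constant time, and only then decode the payload and check exp.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims holds the fields the request path relies on (assumed names).
type Claims struct {
	Sub   string `json:"sub"`
	OrgID string `json:"org_id"`
	Exp   int64  `json:"exp"`
}

var (
	ErrMalformed = errors.New("jwt: malformed token")
	ErrAlg       = errors.New("jwt: unexpected alg")
	ErrSignature = errors.New("jwt: bad signature")
	ErrExpired   = errors.New("jwt: expired")
)

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url

// signHS256 mints a token; included only so the example is self-contained.
func signHS256(key []byte, c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return input + "." + enc.EncodeToString(mac.Sum(nil)), nil
}

// verifyHS256 performs the checks a server must do before trusting claims:
// exactly three segments; alg pinned to HS256, so "none" or an asymmetric
// header (which would otherwise be verified with a public key as the HMAC
// secret) is refused; a constant-time signature comparison; and exp checked
// against the caller's clock. The payload is decoded only after the
// signature passes, so unsigned input never reaches the JSON parser.
func verifyHS256(key []byte, token string, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, ErrMalformed
	}
	headerJSON, err := enc.DecodeString(parts[0])
	if err != nil {
		return c, ErrMalformed
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return c, ErrMalformed
	}
	if header.Alg != "HS256" {
		return c, ErrAlg
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return c, ErrSignature
	}
	payload, err := enc.DecodeString(parts[1])
	if err != nil {
		return c, ErrMalformed
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, ErrMalformed
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return c, ErrExpired
	}
	return c, nil
}

func main() {
	key := []byte("dev-only-signing-key") // constructed; derive from APP_SECRET in a real service
	now := time.Now()
	tok, _ := signHS256(key, Claims{Sub: "u_42", OrgID: "org_a", Exp: now.Add(15 * time.Minute).Unix()})
	fmt.Println(verifyHS256(key, tok, now))                    // claims, <nil>
	fmt.Println(verifyHS256(key, tok, now.Add(16*time.Minute))) // expired
}
```

Note the order: a missing or zero exp is treated as expired rather than as "no expiry", because a short-lived token that silently becomes permanent is the failure mode this design is meant to rule out.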

Tenant isolation

  • Every database row that holds workspace data carries an org_id, and route handlers never apply that filter by hand: one shared helper scopes each query to the caller's org, so a single misbehaving endpoint cannot read or write another tenant's data.
  • Role-based access: owners, admins, members, viewers. Sensitive endpoints require the lowest role that can legitimately perform the action.
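The two bullets above combine into one guard. The following is an added example (not AltaClario's code) of what such a helper looks like in Go over an in-memory stand-in for the table; the role ranks, the Principal type and the sample rows are constructed for the example. Two design points matter: org_id and role come from the verified session, never from the URL or request body, and a row that exists in another tenant is reported as not found rather than forbidden, so the API does not become an oracle for other tenants' IDs.

```go
package main

import (
	"errors"
	"fmt"
)

// Role ordering: a higher rank may do everything a lower rank may.
type Role int

const (
	Viewer Role = iota + 1
	Member
	Admin
	Owner
)

// Principal is what the session middleware attaches to a request. OrgID
// and Role come from the verified session, never from a URL or JSON body.
type Principal struct {
	UserID string
	OrgID  string
	Role   Role
}

type Sprint struct {
	ID, OrgID, Name string
}

var (
	ErrNotFound  = errors.New("not found")
	ErrForbidden = errors.New("forbidden")
)

// Store is an in-memory stand-in for the sprints table (constructed data).
type Store struct{ sprints map[string]Sprint }

// scoped is the single helper every handler goes through. It checks the
// caller's role, then filters by the caller's org, which is the in-memory
// equivalent of "WHERE id = $1 AND org_id = $2". A row that exists but
// belongs to another org is reported as not found, not forbidden, so the
// response does not reveal which IDs exist in other tenants.
func (s *Store) scoped(p Principal, minRole Role, id string) (Sprint, error) {
	if p.Role < minRole {
		return Sprint{}, ErrForbidden
	}
	sp, ok := s.sprints[id]
	if !ok || sp.OrgID != p.OrgID {
		return Sprint{}, ErrNotFound
	}
	return sp, nil
}

// Each endpoint states the lowest role that may perform it.
func (s *Store) GetSprint(p Principal, id string) (Sprint, error) {
	return s.scoped(p, Viewer, id)
}

func (s *Store) RenameSprint(p Principal, id, name string) error {
	sp, err := s.scoped(p, Member, id)
	if err != nil {
		return err
	}
	sp.Name = name
	s.sprints[id] = sp
	return nil
}

func (s *Store) DeleteSprint(p Principal, id string) error {
	if _, err := s.scoped(p, Admin, id); err != nil {
		return err
	}
	delete(s.sprints, id)
	return nil
}

func newDemoStore() *Store {
	return &Store{sprints: map[string]Sprint{
		"spr_1": {ID: "spr_1", OrgID: "org_a", Name: "Sprint 14"},
		"spr_2": {ID: "spr_2", OrgID: "org_b", Name: "Sprint 3"},
	}}
}

func main() {
	store := newDemoStore()
	alice := Principal{UserID: "u_alice", OrgID: "org_a", Role: Member}
	fmt.Println(store.GetSprint(alice, "spr_1"))    // own org: found
	fmt.Println(store.GetSprint(alice, "spr_2"))    // other org's real ID: not found
	fmt.Println(store.DeleteSprint(alice, "spr_1")) // member below admin: forbidden
}
```

The handlers never see the org filter as a string they could forget; if the helper is the only path to the table, an endpoint that "forgets" scoping simply cannot be written.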

Abuse prevention

  • Per-IP rate limits on signup, sign-in, and password reset endpoints.
  • Full audit log for administrative actions, retained for the life of the workspace.
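As an added example of the per-IP limit on those endpoints (not the product's code), here is a token-bucket limiter in Go with an injectable clock, together with the part that is most often wrong in practice: which address to key on. The burst and rate numbers, the trusted-proxy map and the single-proxy assumption for X-Forwarded-For are constructed for the example.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"net/http"
	"strings"
	"sync"
	"time"
)

// bucket is a token bucket: capacity is the allowed burst, refill the
// sustained rate. One bucket per client key.
type bucket struct {
	tokens float64
	last   time.Time
}

type Limiter struct {
	mu       sync.Mutex
	buckets  map[string]*bucket
	capacity float64
	refill   float64 // tokens per second
	now      func() time.Time
}

// NewLimiter allows `burst` immediate requests, then `perMinute` sustained.
// The clock is injectable so the behaviour can be tested deterministically.
func NewLimiter(burst int, perMinute float64, now func() time.Time) *Limiter {
	if now == nil {
		now = time.Now
	}
	return &Limiter{
		buckets:  map[string]*bucket{},
		capacity: float64(burst),
		refill:   perMinute / 60,
		now:      now,
	}
}

// Allow spends one token for key and reports whether one was available.
func (l *Limiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b, ok := l.buckets[key]
	if !ok {
		b = &bucket{tokens: l.capacity, last: now}
		l.buckets[key] = b
	}
	b.tokens = math.Min(l.capacity, b.tokens+now.Sub(b.last).Seconds()*l.refill)
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// ClientIP picks the address to limit on. X-Forwarded-For is honoured only
// when the TCP peer is one of our own proxies; otherwise any client could
// set the header to a new value per request and get a fresh bucket each
// time. With a single proxy layer (assumed here) the last entry is the one
// our proxy appended and the only one it vouches for.
func ClientIP(r *http.Request, trustedProxies map[string]bool) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	if trustedProxies[host] {
		if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
			parts := strings.Split(xff, ",")
			return strings.TrimSpace(parts[len(parts)-1])
		}
	}
	return host
}

// Middleware wraps the abuse-prone endpoints (signup, sign-in, reset).
func (l *Limiter) Middleware(trustedProxies map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !l.Allow(ClientIP(r, trustedProxies)) {
			w.Header().Set("Retry-After", "60")
			http.Error(w, "too many requests", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	l := NewLimiter(5, 60, nil) // 5 burst, then 1/s sustained (constructed numbers)
	for i := 0; i < 7; i++ {
		fmt.Println("attempt", i+1, "allowed:", l.Allow("203.0.113.7"))
	}
}
```

Keying on X-Forwarded-For unconditionally lets any client choose its own bucket, which defeats the sign-in limit entirely; hence the check against the TCP peer first. In production the trusted set would be a CIDR list rather than a map of single addresses.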

Responsible disclosure

Found something? Email security@altaclario.com with details and a proof-of-concept. We aim to acknowledge within 1 business day and keep you updated through remediation.