Security

How we protect your commission data, credentials, and integrations.

Infrastructure

  • Database: Neon Postgres with encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Hosting: Railway with isolated containers per deployment
  • Transport: TLS/HTTPS enforced on all endpoints — no plaintext connections accepted

Authentication

  • OAuth tokens encrypted at rest in the database
  • Session tokens expire after 8 hours — no long-lived browser sessions
  • API keys generated with Node's crypto.randomBytes(), a cryptographically secure random source
  • Google OAuth and Email OTP supported for user authentication

Webhook Verification

All incoming webhooks (Attio, HubSpot, Stripe) are verified using HMAC-SHA256 signature validation. Each workspace has its own webhook secret — a compromised secret only affects one tenant.

Data Isolation

Multi-tenant architecture with strict workspace-level isolation. Every database query is scoped by workspace_id, and a query that omits the workspace scope returns no rows rather than another tenant's data.

Audit Trail

Commission events are stored in an immutable, append-only ledger. Corrections are recorded as compensating events — nothing is deleted or overwritten. Every calculation is traceable to the source deal, plan version, and rule that produced it.

CRM Permissions

CompCode requests the minimum OAuth scopes necessary:

  • Attio: Read deals, deal owners, workspace members, record attributes
  • HubSpot: crm.objects.deals.read, crm.objects.owners.read, crm.schemas.deals.read

Write-back to your CRM (e.g., writing commission amounts to deal records) is optional and off by default.

Compliance

CompCode is working toward a SOC 2 Type II attestation report. Our architecture — immutable ledgers, encrypted storage, workspace isolation, and minimal permissions — is designed from the ground up with SOC 2 controls in mind.

SOC 2 Type II — In Progress