Security

This page summarises how Cadenance protects customer data. For detailed security questionnaires or to report a security issue, contact security@goldenance.com.

Authentication

• Bearer-token authentication using signed JSON Web Tokens. Tokens encode user identity and tenant scope and are validated on every authenticated API request.
• Login attempts are rate-limited per IP and email to slow credential-stuffing attempts; signup attempts are rate-limited per IP. Rate-limit events are written to the tenant audit log.
• Multi-factor authentication is not yet available. It is on the roadmap and will be added before features that handle higher-sensitivity workflows.

Tenant isolation

Cadenance is a multi-tenant service. Every database query that reads or writes tenant data is scoped by the tenant identifier carried in the authenticated request token; that scoping is enforced at the dependency-injection layer and covered by cross-tenant negative tests in our continuous-integration pipeline.

Encryption

• In transit: TLS for all client-to-Cadenance and Cadenance-to-third-party traffic.
• At rest: database-level encryption configuration to be confirmed against the production hosting provider before launch.
• Integration secrets: Shopify access tokens are encrypted at the application layer using Fernet (AES-128-CBC with HMAC-SHA256) before being written to the database, with a key-id field on each row to support key rotation.

Webhook integrity

• Stripe webhooks are verified with the Stripe signature header before any handler runs, and deduplicated by Stripe event id to ensure that retries cannot cause duplicate side effects.
• Shopify webhooks are verified with HMAC-SHA256 against the app secret before any handler runs.

Auditability and data export

• Workspace administrators can review per-tenant audit logs in the app and export them as CSV. The log records security events (logins, rate-limit hits, membership changes) and material business operations (uploads, brief sends, plan generations).
• Customer data can be exported via the in-app data and planning endpoints (CSV / PDF formats). Bulk export or programmatic extraction beyond what is exposed in-app is available on request.
• Self-serve account deletion is not yet available. Deletion and data return requests are handled within the timeline agreed in the Data Processing Addendum — contact privacy@goldenance.com.

Vulnerability management

Source dependencies are monitored for known vulnerabilities on every continuous-integration run; advisories are triaged against actual code-path applicability rather than being suppressed in bulk. Static analysis (linting and type checking) gates every change.

Hosting and subprocessors

Hosting region and database provider details are confirmed contractually with the Data Processing Addendum. The full roster of third-party service providers is published at /privacy/subprocessors.

Incident response

Confirmed personal-data breaches affecting customers are notified in accordance with the timelines set in the Data Processing Addendum and applicable law (including the GDPR Article 33 72-hour notification window where it applies). Report a suspected security issue to security@goldenance.com.