Security

Our Security Commitment

At Teravictus, security is our top priority. We implement industry-standard security measures to protect your data and ensure the integrity of our Zendesk-Slack integration service. This page outlines our security practices and the measures we take to keep your information safe.

Data Encryption

Encryption in Transit

• TLS/SSL Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
• API Communications: All integrations with Zendesk, Slack, and other third-party services use encrypted HTTPS connections
• No Plaintext Transmission: Sensitive credentials and authentication tokens are never transmitted in plaintext

Encryption at Rest

• AES-256 Encryption: OAuth tokens, API keys, and other sensitive credentials are encrypted at rest using AES-256 encryption
• Database Encryption: Our Supabase database uses encryption for data storage
• Secure Key Management: Encryption keys are stored separately from encrypted data and rotated regularly

Authentication & Access Control

User Authentication

• Secure Authentication: Powered by Supabase Auth with industry-standard security practices
• Password Requirements: Strong password policies enforced during registration
• Session Management: Secure session tokens with automatic expiration
• OAuth Integration: Secure OAuth 2.0 flows for Zendesk and Slack connections

Access Controls

• Role-Based Access: Multi-tenant architecture with organization-level isolation
• Least Privilege Principle: Users and API tokens are granted only necessary permissions
• Service Account Isolation: Separate service accounts for different system components

Data Protection Practices

Minimal Data Storage

We follow a data minimization approach:

• No Ticket Content Storage: We process Zendesk ticket content in real-time but do not permanently store it
• Metadata Only: We only retain metadata necessary for service functionality (ticket IDs, timestamps, etc.)
• Automatic Deletion: User data is automatically deleted 90 days after account termination

Secure Credential Storage

• OAuth Tokens: Zendesk and Slack tokens are encrypted and stored in secure database fields
• API Keys: Service API keys are stored as environment variables, never in code
• No Password Storage: We use OAuth flows and don't store Zendesk or Slack passwords

Data Isolation

• Multi-Tenant Architecture: Each organization's data is logically isolated
• Row-Level Security: Database policies ensure organizations can only access their own data
• Separate Workspaces: No data sharing between different customer organizations

Infrastructure Security

Cloud Infrastructure

• Supabase Platform: Enterprise-grade database and authentication infrastructure
• Vercel Hosting: Secure, scalable hosting with automatic HTTPS
• DDoS Protection: Built-in protection against distributed denial-of-service attacks
• Automatic Backups: Regular database backups with point-in-time recovery

Network Security

• Firewalls: Network-level firewalls protect our infrastructure
• IP Whitelisting: Database access restricted to known IP addresses
• API Rate Limiting: Protection against brute force and abuse attempts

Application Security

Secure Development Practices

• Code Reviews: All code changes are reviewed for security issues
• Dependency Scanning: Regular scans for vulnerable dependencies
• Input Validation: Strict validation and sanitization of all user inputs
• Output Encoding: Protection against XSS (cross-site scripting) attacks
• SQL Injection Prevention: Parameterized queries and ORM usage

Security Headers

• Content Security Policy (CSP)
• HTTP Strict Transport Security (HSTS)
• X-Frame-Options for clickjacking protection
• X-Content-Type-Options to prevent MIME sniffing

Monitoring & Incident Response

Security Monitoring

• Real-Time Alerts: Automated alerts for suspicious activities
• Access Logging: Comprehensive logging of system access and changes
• Error Tracking: Monitoring for application errors and anomalies
• Performance Monitoring: Detection of unusual traffic patterns

Incident Response

In the event of a security incident:

• Immediate Action: We will immediately investigate and contain any security breach
• User Notification: Affected users will be notified within 72 hours
• Remediation: We will take steps to prevent similar incidents
• Documentation: Incidents are documented for future prevention

Third-Party Security

Trusted Partners

We work with security-conscious third-party providers:

• Supabase: SOC 2 Type II compliant database and auth platform
• Dodo Payments: PCI DSS compliant payment processing
• Zendesk & Slack: Enterprise-grade security from integration partners
• Google Cloud (Gemini AI): Secure AI processing with data privacy controls

Vendor Assessment

We evaluate third-party vendors for:

• Security certifications and compliance standards
• Data handling and privacy practices
• Encryption capabilities
• Incident response procedures

Compliance & Certifications

While we don't currently hold formal security certifications, we implement industry-standard practices aligned with:

• GDPR: General Data Protection Regulation principles for EU data protection
• CCPA: California Consumer Privacy Act requirements
• OWASP Top 10: Protection against common web application vulnerabilities
• OAuth 2.0 Standard: Secure authorization framework for third-party integrations

Your Security Responsibilities

Security is a shared responsibility. You should:

• Use Strong Passwords: Choose unique, complex passwords for your account
• Protect Your Credentials: Never share your login information
• Monitor Access: Review your organization's user access regularly
• Report Suspicious Activity: Contact us immediately if you notice anything unusual
• Keep Integrations Current: Ensure Zendesk and Slack OAuth tokens remain valid
• Revoke Unused Access: Remove team members who no longer need access

Reporting Security Issues

If you discover a security vulnerability or have security concerns, please report them immediately:

Security Updates

We continuously improve our security posture:

• Regular Updates: Dependencies and frameworks are kept up to date
• Security Patches: Critical security patches are applied immediately
• Ongoing Monitoring: Continuous evaluation of emerging threats
• Security Advisories: Users will be notified of significant security changes