Security posture

Defense-in-depth, and we’ll show you the receipts.

Zero-trust access, layered authentication, rotating credentials, a tamper-evident audit trail, and per-tenant rate limiting protect every request to the production memory surface. The certifications we don’t hold yet are listed below, in plain language — not buried in a data room.

1. How we protect production access

Four gates, not one.

A single compromised layer should never be enough on its own. Every request clears identity, transport, and origin checks in sequence.

Zero-trust edge

Every request to production clears an identity-aware access policy at the edge before it reaches application logic — nothing gets a free pass on network location alone.

Defense in depth

A second, independent authentication check runs at the origin. A single misconfigured layer does not hand over access on its own.

30-day credential rotation

Credentials with access to production rotate automatically on a 30-day cycle, so a leaked credential has a short window instead of a long one.

No public listener

Production has no direct public network path. Connections originate outbound, over an authenticated tunnel, to the edge — not the other way around.

2. Encryption

Protected in transit, protected at rest.

Encrypted in transit

Every request to production is encrypted end to end with TLS. There is no plaintext path to the origin.

Encrypted at rest

Production data lives on our cloud storage platform, which encrypts stored data at rest by default.

Secrets stay out of logs

Access identifiers are recorded for audit purposes; the underlying secrets and tokens themselves are never written to a log. This is enforced with an automated check, not a policy on paper.

3. Tamper-evident audit trail

The receipt behind everything else on this page.

An audit trail is only useful if it can’t be quietly rewritten. Ours is designed to fail loudly the moment something doesn’t check out.

01

Every action is recorded

Consequential actions are written to a single, append-only audit log the moment they happen.

02

Records are chained together

Each entry is cryptographically linked to the one before it, so tampering with any record breaks the chain forward of that point.

03

Corruption fails loud, not quiet

If the chain is ever damaged, the system stops and flags it rather than silently starting a new chain and rendering an all-clear.

4. Rate limiting & isolation

One noisy tenant can’t take down another.

Per-tenant rate limits

Usage limits are enforced per credential, not by network address — so one noisy or compromised connector can’t exhaust a shared budget.

Independent buckets

One tenant hitting its limit has no effect on another tenant’s traffic. A problem in one workspace stays contained to that workspace.

5. Certifications & assurance

What we hold today, and what’s ahead.

We are an early-stage company and don’t yet hold a SOC 2 report, ISO 27001 certification, FedRAMP authorization, or a published third-party penetration test. There is no 24/7 on-call rotation today — response is best-effort. We would rather state that plainly here than have it surface for the first time in a procurement review.

Those audits and certifications are the next things we fund as we take on enterprise and federal engagements — the control posture on this page (zero-trust access, credential rotation, tamper-evident audit logging) was built to be assessment-ready when that time comes.

6. Report a vulnerability

Found something? Tell us before anyone else.

Email security@griff.run with a description, reproduction steps, the affected URL or artifact, and any timeline constraints we should respect. We’ll acknowledge receipt, work the issue in good faith, and credit you in any public remediation note unless you’d rather stay anonymous. We don’t currently run a paid bug bounty, and we won’t pursue legal action against good-faith research that respects the boundaries below.

Ground rules

  • · Don’t access, modify, or exfiltrate data that isn’t yours.
  • · Don’t run automated scanners at a volume that meaningfully load-tests production.
  • · Give us a reasonable window to remediate before public disclosure — 90 days is our baseline.

Deeper evidence, under NDA

Qualified reviewers can go further than this page.

Production identity, messaging, billing, and partner-integration evidence are documented for qualified security and procurement reviewers under NDA. For procurement-grade control mapping and supply-chain detail, see /federal. For our full external review history, see /trust.