Security Overview
Security controls and disclosure process for Visibility Engine.
Security Controls
- HTTPS-only transport and strict security headers on application routes.
- Scoped OAuth flows with state validation and provider-specific callback checks.
- Session and token storage in managed platform services with explicit TTL rules.
- Administrative route protection using bearer auth and service-binding checks.
- Operational logging and diagnostics for incident response.
Data Protection Practices
- Least-privilege integration model: users connect only the providers they choose.
- User-facing disconnect controls to terminate OAuth access on demand.
- Rate limiting and abuse guards on public endpoints.
Disclosure and Contact
Security reports: privacy@clodo.dev.
Disclosure policy: /.well-known/security.txt.