Security Overview

Last updated March 2026

Architecture

ApplicationVercel (serverless Next.js), US
DatabaseNeon PostgreSQL, US-East-1 (AWS)
Error monitoringSentry (PII disabled)
EmailResend (transactional only)
AIAnthropic Claude API

All infrastructure runs on Vercel and AWS. No customer data is stored outside these providers.

Data Isolation (Multi-Tenancy)

Every database query is scoped by organization ID. No data is shared, aggregated, or visible between organizations. There is no global admin query or cross-org reporting capability.

A query that omits the organization scope returns zero results by design. Organization scoping is verified across all server action files and intelligence engines. Database indexes enforce organization ID as a leading key on all domain tables.

Authentication & Access Control

LoginEmail + password with bcrypt (12 salt rounds)
SessionsJWT with 7-day expiry, membership verified per request
Login throttling10 attempts per 15 minutes per account
Registration throttling5 per 15 minutes per IP
TransportHTTPS enforced — no HTTP fallback

Roles

OwnerAll actions: settings, roles, member management, data export
AdminSettings, SE management, sync triggers, data export
MemberRead-only dashboard access, SE-specific actions

Roles are checked at the server action level before any database operation.

Integration Security

Evivant operates in read-only mode with all connected systems:

SalesforceOAuth scopes: api, refresh_token, offline_access — queries only
Google CalendarOAuth scopes: calendar.readonly, calendar.events.readonly
GongAPI key (read scope) — call metadata only

Evivant never creates, updates, or deletes records in any connected system. Your source-of-truth systems remain untouched.

Token Encryption

All OAuth tokens (access and refresh) are encrypted at rest before database storage:

AlgorithmAES-256-GCM (authenticated encryption)
Key size256 bits
IV12 bytes, cryptographically random per operation
Auth tag16 bytes (prevents tampering)
StorageBase64-encoded IV + ciphertext + auth tag

Tokens are never logged, never exposed to the browser, and auto-refresh when they expire. If a refresh token is revoked, the sync fails with a clear error prompting reconnection.

Audit Trail

Setting changesWhich setting, by whom, metadata
Data exportsType (CSV/JSON/PDF), who initiated, record counts
Sync triggersManual triggers, user, result
User loginsAttempts (success/fail), session creation

Audit entries cannot be modified or deleted. The log is retained for the lifetime of the organization and is viewable by Admins and Owners.

Data Export & Portability

Admins can export all organization data as JSON at any time from Settings. This includes opportunities, activities, scores, evaluations, and configuration. Pipeline data supports CSV export. Reports support PDF/print export. There is no vendor lock-in.

Error Handling

Sentry captures errors with 100% sampling rate. PII is disabled. Sensitive headers (authorization, tokens, cookies) are scrubbed from reports. Application logs scrub 21 sensitive key patterns before output.

Database Security

ProviderNeon PostgreSQL (managed)
ConnectionSSL/TLS required
ORMPrisma — parameterized queries only, no raw SQL
SQL injectionEliminated by exclusive use of ORM
BackupsNeon managed with point-in-time recovery

Rate Limiting

Login10 per 15 min (per account)
Registration5 per 15 min (per IP)
Manual sync3 per 5 min (per organization)
Data export5 per 5 min (per organization)

Subprocessors

VercelApplication hosting — data in transit
NeonDatabase hosting — all stored data
SentryError monitoring — error context (no PII)
ResendEmail delivery — recipient, notification content
AnthropicAI summaries — deal context (no credentials)

Compliance Roadmap

Multi-tenant isolationImplemented
Token encryption (AES-256-GCM)Implemented
HTTPS in transitEnforced
Audit trailImplemented
Full data exportImplemented
Read-only integrationsArchitecture-level
GDPR-ready architectureImplemented
SOC 2 Type IIPlanned

Contact

For security questions or to report a vulnerability: hello@evivant.io