Encryption
All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Passwords are stored as bcrypt hashes and are never stored in plain text.
Access control
LiftGrid uses role-based access control (RBAC). Each team member is assigned a specific role with permissions limited to what they need. Admin access to production systems is restricted to authorized personnel only.
Multi-tenant isolation
Each customer account (tenant) is isolated at the database row level. No customer can access another customer's data. Tenant scoping is enforced at the application layer on every query.
Audit logging
All significant actions within the platform are logged with a timestamp, user, and affected record. Audit logs are available to account administrators and are retained for compliance purposes.
Session security
Sessions are managed via Redis with HTTP-only, secure cookies. Sessions expire after inactivity and are invalidated on sign-out. Login attempts are rate-limited to protect against brute-force attacks.
Network & infrastructure
The platform sits behind Cloudflare's Web Application Firewall (WAF) for DDoS mitigation and request filtering. Servers are hosted on Hetzner in Germany (EU). Network access to production databases is restricted by IP allowlist.
Backups
Database backups are taken regularly and encrypted. Backups are tested periodically to verify recoverability. Backup retention follows our data retention policy.
Vulnerability disclosure
If you discover a security vulnerability, please report it responsibly. Do not exploit it or disclose it publicly before we have had a chance to address it.
- Email: [email protected]
- Security disclosure file: /.well-known/security.txt
Incident response
In the event of a data breach affecting customer data, we will notify affected customers as required by applicable law (within 72 hours for GDPR-covered events, as soon as reasonably practicable for others). Notification will include the nature of the breach, affected data categories, likely consequences, and steps taken.
See also: Sub-processors · Data Processing Agreement.