Data Security
- AES-256 encryption for all data at rest in Neon PostgreSQL
- TLS 1.2+ enforced on all connections — no plaintext HTTP
- Application credentials only — no shared DB credentials
- Parameterized SQL queries throughout: user-supplied values are bound as parameters, never concatenated into query text
- Encrypted credentials via AES-256-GCM for third-party integrations
- API secrets stored encrypted, never logged in plaintext
Encryption at Rest
All customer data stored in Neon PostgreSQL is encrypted at rest using AES-256. Encryption keys are managed by Neon, our database provider. Encryption at rest protects against theft or improper disposal of the physical storage media; it does not on its own protect against an attacker who presents valid database credentials, which is why the access controls and application-level credential encryption described on this page are layered on top of it.
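The application-level layer above database encryption, shown as an added example (this is not RollForge's own code): sealing a third-party integration token with AES-256-GCM before it is written to the database, with the tenant and provider bound in as associated data so that a ciphertext copied onto another tenant's row will not open, and a redaction helper for what may appear in a log line. This also illustrates the "Encrypted credentials via AES-256-GCM" and Plaid token bullets. It requires the `cryptography` package; the INTEGRATION_KEY environment variable, the `v1.` blob prefix, the record layout and the sample token are assumptions.

```python
"""AES-256-GCM sealing of third-party integration tokens before they are stored.

Added example, not RollForge's own code. Requires the `cryptography` package.
The key source (base64 in an INTEGRATION_KEY environment variable), the
`v1.` blob prefix and the record layout are assumptions.
"""
import base64
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY_LEN = 32     # 256-bit key
NONCE_LEN = 12   # 96-bit nonce, the size GCM is specified for
VERSION = "v1"   # lets a future key or format change be told apart


def load_key() -> bytes:
    # The key lives in the secret manager / environment, never in code or the DB.
    raw = os.environ.get("INTEGRATION_KEY")
    if raw is None:
        raise RuntimeError("INTEGRATION_KEY is not set")
    key = base64.b64decode(raw)
    if len(key) != KEY_LEN:
        raise ValueError("INTEGRATION_KEY must decode to 32 bytes")
    return key


def seal(key: bytes, token: str, tenant_id: int, provider: str) -> str:
    # Tenant and provider go in as associated data: authenticated but not
    # encrypted, so a blob moved onto another tenant's row will not open.
    aad = f"{tenant_id}:{provider}".encode()
    nonce = os.urandom(NONCE_LEN)  # fresh random nonce per seal, never reused with this key
    ct = AESGCM(key).encrypt(nonce, token.encode(), aad)
    return f"{VERSION}." + base64.b64encode(nonce + ct).decode()


def open_sealed(key: bytes, blob: str, tenant_id: int, provider: str) -> str:
    version, _, body = blob.partition(".")
    if version != VERSION:
        raise ValueError(f"unsupported blob version {version!r}")
    raw = base64.b64decode(body)
    nonce, ct = raw[:NONCE_LEN], raw[NONCE_LEN:]
    aad = f"{tenant_id}:{provider}".encode()
    return AESGCM(key).decrypt(nonce, ct, aad).decode()  # raises InvalidTag on mismatch


def redact(token: str) -> str:
    # What may appear in a log line: enough to correlate, never the secret.
    return f"{token[:6]}...{token[-4:]}" if len(token) > 12 else "***"


def demo() -> dict:
    key = AESGCM.generate_key(bit_length=256)   # stands in for load_key()
    token = "access-sandbox-0123456789abcdef"   # constructed Plaid-style token
    blob = seal(key, token, tenant_id=42, provider="plaid")
    result = {"roundtrip": open_sealed(key, blob, 42, "plaid") == token,
              "log_line": redact(token)}
    try:                                          # same blob, another tenant
        open_sealed(key, blob, 43, "plaid")
        result["cross_tenant_rejected"] = False
    except InvalidTag:
        result["cross_tenant_rejected"] = True
    raw = bytearray(base64.b64decode(blob[len(VERSION) + 1:]))
    raw[-1] ^= 0x01                               # flip one bit of the GCM tag
    tampered = f"{VERSION}." + base64.b64encode(bytes(raw)).decode()
    try:
        open_sealed(key, tampered, 42, "plaid")
        result["tampered_rejected"] = False
    except InvalidTag:
        result["tampered_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The associated data is the part worth copying: without it, GCM still detects tampering, but a database operator could move an intact blob from one tenant's row to another and the application would decrypt it happily.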
Encryption in Transit
Every connection to RollForge uses TLS 1.2 or higher. Requests to plain HTTP endpoints are redirected to HTTPS, and no customer data is ever served over plaintext HTTP. Third-party integrations (Stripe, Plaid, QuickBooks Online, Xero) communicate exclusively over TLS.
Access Control
Role-Based Access Control (RBAC)
Three roles enforce strict least-privilege access: Admin (full access + billing), Member (full data access, no billing), Viewer (read-only, scoped to assigned views). Portco-level scoping prevents cross-company data visibility.
Multi-Factor Authentication (MFA)
Email-based MFA is available for all accounts. TOTP authenticator apps (Google Authenticator, Authy, etc.) supported. Admins can enforce MFA org-wide from account settings. Trusted device cookies reduce friction on recognized devices.
Session Security
Session tokens are 256-bit cryptographically random values stored in HttpOnly, Secure cookies. Sessions expire after 30 days of inactivity (an activity-based sliding window) and are invalidated on logout. The device trust system allows recognized devices to skip MFA.
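An added example of the session mechanics described above, written for illustration and not taken from RollForge's code: a 256-bit random token issued into an HttpOnly, Secure cookie, a 30-day sliding expiry that moves forward on each use, and invalidation on logout. The server-side store (an in-memory dict keyed by the SHA-256 of the token, so a leaked store does not hand out usable tokens), the `rf_session` cookie name and the SameSite=Lax choice are assumptions.

```python
"""Session tokens: 256-bit random, HttpOnly/Secure cookie, 30-day sliding expiry.

Added example, not RollForge's own code. The server-side store (an in-memory
dict keyed by the SHA-256 of the token), the cookie name and the SameSite
choice are assumptions.
"""
import hashlib
import secrets
from datetime import datetime, timedelta, timezone
from http.cookies import SimpleCookie

COOKIE_NAME = "rf_session"          # assumed cookie name
SESSION_TTL = timedelta(days=30)    # idle window; each use pushes it forward


class SessionStore:
    def __init__(self, clock=None):
        self._sessions = {}          # sha256(token) -> {"user_id", "expires_at"}
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    @staticmethod
    def _digest(token: str) -> str:
        # Only the hash is kept server-side; the raw token exists in the cookie alone.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id: int) -> str:
        token = secrets.token_urlsafe(32)   # 32 random bytes = 256 bits of entropy
        self._sessions[self._digest(token)] = {
            "user_id": user_id, "expires_at": self._clock() + SESSION_TTL}
        return token

    @staticmethod
    def cookie_header(token: str) -> str:
        # Set-Cookie value: HttpOnly keeps it away from script, Secure off plaintext HTTP.
        jar = SimpleCookie()
        jar[COOKIE_NAME] = token
        morsel = jar[COOKIE_NAME]
        morsel["httponly"] = True
        morsel["secure"] = True
        morsel["samesite"] = "Lax"
        morsel["path"] = "/"
        morsel["max-age"] = int(SESSION_TTL.total_seconds())
        return morsel.OutputString()

    def resolve(self, token: str):
        """Return the user id for a live session and slide its expiry; else None."""
        key = self._digest(token)
        sess = self._sessions.get(key)
        if sess is None:
            return None
        now = self._clock()
        if now >= sess["expires_at"]:
            del self._sessions[key]   # idle past the window: gone
            return None
        sess["expires_at"] = now + SESSION_TTL
        return sess["user_id"]

    def revoke(self, token: str) -> None:
        self._sessions.pop(self._digest(token), None)   # logout invalidation


def demo() -> dict:
    now = [datetime(2024, 1, 1, tzinfo=timezone.utc)]   # controllable clock
    store = SessionStore(clock=lambda: now[0])
    token = store.create(user_id=7)
    header = store.cookie_header(token)
    now[0] += timedelta(days=29)
    day29 = store.resolve(token)          # used on day 29: expiry slides to day 59
    now[0] += timedelta(days=29)
    day58 = store.resolve(token)          # still inside the slid window
    now[0] += timedelta(days=31)
    day89 = store.resolve(token)          # 31 idle days: None
    second = store.create(user_id=7)
    store.revoke(second)
    return {"header": header, "day29": day29, "day58": day58, "day89": day89,
            "after_logout": store.resolve(second), "unknown": store.resolve("bogus")}


if __name__ == "__main__":
    print(demo())
```

Note the consequence of a pure sliding window: a session that is used at least once every 30 days never expires on its own, so logout and admin-side revocation are the only things that end it.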
Audit Logging
Login events, data access, and configuration changes are logged at the application level. Access logs are retained for security investigation and compliance purposes. Cross-portco access attempts are explicitly blocked and logged (access_audit_log table).
Infrastructure
Hosted on Render
The application is deployed on Render, which maintains SOC 2 Type II certification. Render provides automated TLS certificate management, DDoS protection, and managed container infrastructure, with auto-scaling based on load and a 99.9% uptime SLA.
Database — Neon PostgreSQL
Primary database on Neon, which holds SOC 2 Type II certification. Neon provides automated branching, point-in-time recovery, and managed encryption. RollForge maintains backup snapshots for disaster recovery.
- CDN-level protections via Render's global edge network
- DDoS mitigation built into Render's infrastructure
- Automated SSL via Let's Encrypt (auto-renewal)
- Environment variables stored in Render's encrypted secret manager
- Separate credentials per environment (no dev/prod credential reuse)
- No secrets in code or configuration files
Compliance
Data Processing Agreement (DPA)
Enterprise accounts requiring a signed DPA can contact us at security@rollforgeops.ai. We will respond within 2 business days and execute NDAs as needed for vendor questionnaires and security reviews.
Incident Response
72-Hour Breach Notification
If a confirmed security breach affects your Customer Data, RollForge commits to notifying affected customers within 72 hours of confirmation. Notifications include: what data was affected, how the breach occurred, and steps we're taking to contain and remediate it.
Incident Contact
Report security vulnerabilities, suspected breaches, or access anomalies to security@rollforgeops.ai. Include a description of the issue and any steps to reproduce. We acknowledge within 24 hours and provide a status update within 5 business days.
Business Continuity
- Disaster recovery: Neon point-in-time recovery allows restoration to any moment in the past 30 days.
- Application availability: a health-watcher cron monitors service availability and alerts the ops team if the app becomes unreachable.
- Data retention: customer data is retained through the subscription period plus a 30-day grace period after cancellation.
Third-Party Vendors
| Vendor | Purpose | Security Posture |
|---|---|---|
| Render | Application hosting, SSL, DDoS protection | SOC 2 Type II certified. Manages infrastructure security. |
| Neon | PostgreSQL database hosting | SOC 2 Type II certified. AES-256 at rest. Managed encryption keys. |
| Stripe | Payment processing | PCI DSS Level 1 certified. Card data never touches RollForge servers. |
| Plaid | Bank account linking (read-only) | SOC 2 Type II certified. Credentials encrypted client-side. Plaid tokens stored encrypted (AES-256-GCM) by RollForge. |
| Postmark | Transactional email delivery | SOC 2 Type II. Transactional-only (no marketing). DKIM/SPF configured. |
| OpenAI (via Polsia proxy) | AI-powered features: financial analysis, report generation | Customer data submitted for AI processing is not retained by OpenAI for model training. Polsia acts as the data processor. |
| QuickBooks Online | Accounting integration (optional) | Read-only OAuth integration. Credentials stored encrypted. Only accessed when customer enables the connection. |
| Xero | Accounting integration (optional) | Read-only OAuth PKCE integration. Credentials stored encrypted. Only accessed when customer enables the connection. |
We will update this list when vendors change. Material changes will be communicated via email with 30 days' advance notice.
Security Questions or Concerns?
Contact us at security@rollforgeops.ai. We respond to all security-related inquiries within 2 business days. For urgent incidents, include "URGENT" in the subject line.