Security

Last updated: March 16, 2026

Person Trail is built with security at every layer. We protect your crew schedules, client data, and business information with enterprise-grade encryption, access controls, and monitoring. This page describes the technical measures we use to keep your data safe.

Encryption

In transit: All connections to Person Trail use TLS 1.2 or higher. We enforce HSTS with a two-year max-age and preload directive, ensuring browsers always connect over HTTPS.

At rest: Sensitive credentials (OAuth tokens for Google Calendar, QuickBooks, and DocuSign integrations) are encrypted using AES-256-GCM, an authenticated encryption mode that detects tampering with the ciphertext. Encryption keys are stored separately from the database and are never committed to source control.

Passwords: User passwords are hashed using bcrypt with a cost factor of 12. We never store plaintext passwords. Password history is tracked to prevent reuse of the last five passwords.

API keys: API keys are hashed with SHA-256 before storage. Only the key prefix is retained for identification. The full key is shown once at creation and cannot be retrieved afterward.

Authentication

  • Multi-factor authentication (MFA): TOTP-based two-factor authentication with authenticator app support and backup recovery codes.
  • Account lockout: Accounts are locked for 30 minutes after 10 consecutive failed login attempts.
  • Magic links: Passwordless sign-in via single-use, time-limited email links (15-minute expiry).
  • Google OAuth: Sign in with Google for organizations that use Google Workspace.
  • CAPTCHA protection: Cloudflare Turnstile on login and signup forms to prevent automated attacks.
  • Super admin passwords: Platform administrators require a minimum of 16 characters with full complexity requirements.

Access Control

Person Trail uses a four-tier role-based access control (RBAC) system:

  • Owner: Full access including billing, organization settings, and data management.
  • Admin: Full dashboard access except billing and organization deletion.
  • Coordinator: View and edit jobs, schedules, and templates.
  • Crew Member: Portal-only access to assigned jobs and personal settings.

All data is scoped by organization. Every database query enforces organizationId at both the route layer and service layer (defense-in-depth), preventing cross-tenant data access.

Audit Logging

Person Trail maintains a comprehensive audit trail of all significant actions:

  • 70+ auditable action types covering authentication, data changes, integrations, and admin operations.
  • Each log entry records the user, action, resource, organization, IP address, and timestamp.
  • Audit logs are protected by a SHA-256 hash chain for tamper detection. Each entry is cryptographically linked to the previous entry, making unauthorized modifications detectable.
  • Configurable retention by subscription tier (7 to 365 days). Legal hold prevents log deletion for organizations under compliance review.

API Security

  • Rate limiting: All API endpoints are rate-limited using distributed rate limiting (Upstash Redis) with per-instance fallback. Sensitive operations have stricter limits.
  • SSRF protection: Webhook URLs are validated against private IP ranges (127.x, 10.x, 172.16-31.x, 192.168.x) with DNS resolution checks before registration.
  • Webhook signatures: All webhook deliveries include an HMAC-SHA256 signature header for payload verification.
  • Input validation: All API inputs are validated with Zod schemas. User-generated HTML is sanitized with DOMPurify using a strict element allowlist.
  • CSRF protection: SameSite cookie enforcement and CSRF token validation on state-changing requests.

Security Headers

Every response includes the following security headers:

  • Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  • X-Frame-Options: DENY (prevents clickjacking)
  • X-Content-Type-Options: nosniff
  • Content-Security-Policy: Restrictive policy with frame-ancestors 'none'
  • Permissions-Policy: Camera, microphone, and geolocation disabled by default.
  • Referrer-Policy: strict-origin-when-cross-origin

Infrastructure

Person Trail runs on managed, enterprise-grade infrastructure:

  • Application hosting: Vercel Edge Network with global CDN, automatic DDoS protection, and TLS termination.
  • Database: Neon PostgreSQL (US East region) with encryption at rest, automated daily backups, and point-in-time recovery.
  • File storage: Vercel Blob with managed encryption for uploaded documents and images.
  • Error monitoring: Sentry with source maps hidden from public access. Logs are PII-safe (email addresses are automatically redacted).

Compliance

  • GDPR: Full support for data subject rights including data export (Article 20) and account deletion with anonymization (Article 17). 30-day retention before permanent deletion.
  • Data Processing Agreement: Available at /dpa for organizations that require one.
  • Cookie consent: Granular cookie preferences with opt-in analytics.
  • SOC 2: We are building toward SOC 2 Type I certification. Our controls are designed to meet the Trust Service Criteria for Security, Availability, and Confidentiality.

Incident Response

In the event of a data breach or security incident:

  • Affected organizations are notified within 72 hours per GDPR Article 33.
  • Breach notifications include: what happened, what data was affected, actions taken, and recommended steps.
  • Our platform includes a built-in breach notification system for immediate, organization-wide communication.

Sub-processors

We use the following third-party services to deliver Person Trail. Each processes data only as necessary for its stated purpose:

Vercel, Inc. -- Application hosting and edge delivery (US)

Neon, Inc. -- Managed PostgreSQL database (US East)

Stripe, Inc. -- Payment processing (PCI DSS Level 1 certified)

Resend, Inc. -- Transactional email delivery

Pusher, Ltd. -- Real-time event delivery (zero data retention)

Groq, Inc. -- AI language processing for NLP features (zero data retention)

Sentry -- Error monitoring and performance tracking

For complete sub-processor details and data processing terms, see our Data Processing Agreement.

Responsible Disclosure

If you discover a security vulnerability in Person Trail, we ask that you disclose it responsibly. Please report vulnerabilities to [email protected]. Our security.txt file provides additional contact information.

We commit to acknowledging reports within 48 hours and working with reporters to understand and resolve issues before any public disclosure.