Security overview
Authentication
Doxus uses SuperTokens for authentication, session handling, password reset, and email verification flows.
Tenant isolation
Tenant-scoped routes, service logic, and database access are designed around workspace boundaries and explicit authorisation checks.
Encryption in transit
Browser and service connections use transport encryption where configured by the hosting, edge, and provider stack.
Encryption at rest
Stored data protection depends on the managed infrastructure, database, storage, backup, and provider configuration in use.
Secrets
Production secrets are intended to be managed outside source code and delivered through controlled deployment configuration.
Logging and scrubbing
Application logging is expected to avoid sensitive values and reduce customer content in diagnostics where practical.
Incident response
Security events are triaged through operational review, provider logs, error monitoring, and customer communication where required.
Backups
Backup and restore behaviour depends on managed database and storage configuration, operational runbooks, and retention settings.
Access controls
Administrative access is intended to be limited to authorised operators with a need to support, secure, or maintain the service.
Vulnerability contact
Security concerns can be reported to security@doxus.app with enough detail for investigation.
Limitations
This page is a trust overview. It does not claim external audit status or a specific assurance framework.