Launch readiness

Security Overview

Current and planned controls for protecting accountable inventory records and evidence.

Legal-review baseline is complete. Customer-specific terms, regulated-data use, pricing, and product claims should stay aligned with approved legal guidance.

Current Security Controls

CustodyForge already includes several product-level controls that support accountable operations.

  • Role-based access controls for app sections and sensitive actions.
  • Private evidence storage through authenticated app routes.
  • Evidence access audit logging for sensitive photo review.
  • Browser hardening headers for clickjacking resistance, content-type protection, strict referrer handling, restricted device permissions, and HSTS.
  • CSP report collection through a payload-limited endpoint so browser policy findings can be reviewed before enforcement.
  • Stripe checkout and billing portal throttles that slow repeated automated attempts before payment-provider calls are made, with shared-store support for production scaling.
  • Protected billing preflight checks that verify Stripe settings and Price IDs without creating a checkout session or charge.
  • Public launch self-checks verify health, security headers, CSP report intake, robots controls, protected billing preflight, and entitlement proof without exposing secrets.
  • Signed Stripe webhooks and provider callback secrets for external event verification.
  • Local productivity tools that do not send workspace data to an external AI service.
  • Admin-only areas for users, templates, and integrations.

Production Security Review

CustodyForge tracks security readiness inside the admin app so launch controls are visible instead of hidden in code.

  • Audit log retention, role-review cadence, incident response contact, and upload validation are managed as readiness gates.
  • Tenant isolation, defensive access-row filtering, backup readiness, production monitoring, billing readiness, and authentication provider readiness are tracked before broad paid rollout.
  • CSP is currently report-only so collected browser behavior can be reviewed before enforcement is tightened.

Production Configuration Gates

Some security controls depend on the live hosting, authentication, storage, billing, and monitoring accounts being configured before paid customer data is accepted.

  • Production authentication requires Clerk hosted-domain or proxy review, required company and user claims, and dated session verification.
  • Evidence storage requires a private production Blob token before customer photos or documents are stored.
  • Monitoring requires alert routing, an incident owner, a health check, and protected capture proof.
  • Billing requires live Stripe webhook events, Price IDs, entitlement schema proof, and a successful preflight check before paid checkout is trusted.
  • A formal third-party penetration test or enterprise security review should be scheduled before larger-company rollout, including AI-assisted scanning and credential abuse review.

Security Contact

Security questions and suspected vulnerabilities can be sent through the verified CustodyForge email domain.

  • Security: security@custodyforge.com
  • Support: support@custodyforge.com