01
Encryption
All network traffic is TLS 1.2 or higher. Data at rest is encrypted with AES 256. Provider credentials and API keys are encrypted with a rotating envelope key.
Security is the feature that makes every other feature worth using. This page documents our posture, the controls we run, and how to report a vulnerability.
All network traffic is TLS 1.2 or higher. Data at rest is encrypted with AES 256. Provider credentials and API keys are encrypted with a rotating envelope key.
Role based access control in the app, scoped API keys, and least privilege within our infrastructure. Production access requires SSO and hardware keys.
Every write in the app emits a typed event with actor, IP and request id. 13 months of hot retention. Production alerts route to a paging rotation 24 by 7.
Report security issues to security@tunireach.com. We triage within 24 hours, patch within 7 days for critical severity, and credit researchers in the release notes with their consent.