Security and trust
Controls for sensitive warranty operations.
Warrantee handles warranties, claims, documents, integrations, and payments. The platform is designed around isolation, auditability, and minimizing data exposure.
CI: Required
Production gates: Active
External pentest: Execution-ready
Authentication and session boundaries
Account and dashboard pages are protected routes, with password recovery and session refresh kept inside controlled flows.
User and tenant isolation
Warranty, claim, and document access is scoped to owner and team boundaries, with production RLS (row-level security) probes in the release gate.
Scoped API integration tokens
API / CLI / MCP integrations use integration tokens instead of usernames and passwords, with scopes and rate limits.
Document and OCR safety
Files pass extension, MIME, and PDF-risk checks, while OCR corpus gates protect extraction changes from regressions.
Payment integrity
The Stripe integration relies on signed webhooks and production readiness checks to prevent untrusted payment-state changes.
Production monitoring
Changes pass CI and Production Security Gates covering smoke, RLS, operational readiness, E2E, and controlled load checks.
Clear operating commitments
This page describes current controls; it is not a third-party compliance certification. It should be updated after the external pentest report.
We do not ask integrators to share user passwords.
Private account and warranty pages are excluded from the sitemap.
A page load or screenshot alone is not treated as release proof.
Enterprise expansion should include an external penetration test before larger rollouts.