Security

Scoped monitoring, careful defaults, and revocable client proof.

Norevin is built for agencies that handle customer workflow data and need reliable proof without over-collecting sensitive payloads.

Each of the following is implemented as part of the MVP security baseline and dashboard workflow:

Organization-scoped data access

API keys hashed with a server-side pepper

Raw payload storage off by default

Encrypted alert destinations

Revocable report share links

Public security.txt contact

Rate limits on sensitive actions

Tenant isolation

Console pages and actions resolve data through the signed-in user's organization membership before returning client, workflow, report, or incident records.

Safe workflow signals

Checkpoint events prove workflow progress without requiring raw automation payload storage by default.

Client-safe reports

Reliability reports are generated from bounded summaries and can be revoked when a shared link should no longer work.

Security contact

Report security concerns without sending secrets.

Send suspected vulnerabilities, abuse, or data exposure concerns to founders@norevin.com. Norevin also publishes a machine-readable security contact at /.well-known/security.txt.

Post-login safeguards

Review account security from the console.

Signed-in owners can review account safeguards, password recovery, billing access, and workspace controls from the dashboard.
