Security at Outercite

Our approach to protecting customer data. We're a young company — this page is a snapshot of where we are, not a certification claim we haven't earned.

Last updated:

1. Principles

  • Defence in depth. No single control is expected to hold; multiple layers of control cover each risk.
  • Least privilege. Access granted only as needed, reviewed on role change, revoked on exit.
  • Secure by default. New services ship with encryption, authentication, and logging on; opt-out requires an explicit decision and a reason.
  • Minimal data. Collect only what we need to operate. Drop or anonymise as soon as the business purpose ends.
  • Tell the truth. If something goes wrong, we tell affected customers promptly, in plain language, with a corrective action plan.

2. Infrastructure

Production runs on managed Linux hosts across two regions:

  • Sydney, Australia (Vultr) — primary application, database, cache, monitoring.
  • Europe (Hetzner) — background workers, job queue, prediction-engine compute.

The two regions are connected by a private WireGuard tunnel; internal services are not exposed to the public internet. The public web edge is fronted by Caddy with automatic TLS certificate management. The database is PostgreSQL 16 with encrypted connections and automated daily backups under a 35-day rolling retention.

3. Encryption

  • In transit. TLS 1.2+ for all public and internal service-to-service traffic. Strict cipher suites enforced at the edge.
  • At rest. Full-disk encryption on production hosts. Sensitive database fields (API keys, OAuth tokens, wallet private keys) are additionally encrypted at the application layer with rotating keys.
  • Secrets. Environment-variable secrets are injected at runtime, never committed to source. Production secrets are kept in an access-controlled vault and rotated on a published schedule and after any suspected exposure.

4. Access control

  • SSO and MFA required for all engineer access to production.
  • SSH access restricted by key, IP allow-list, and deploy-user boundaries — no direct root shells.
  • Database access in production requires a break-glass procedure with audit logging; day-to-day work happens through an admin panel or migration tooling.
  • Role-based access control inside the app: agency / workspace / user scopes enforced at the data layer, not just the UI.
  • Regular access reviews after role changes or offboarding.

5. Monitoring and incident response

Metrics, logs, and traces feed into a self-hosted observability stack (Prometheus, Loki, Tempo, Grafana) with automated alerts for error rates, latency anomalies, failed logins, unusual egress, and worker queue saturation. Errors flow into Sentry / GlitchTip for triage.

When we detect a potential security incident, our response plan calls for triage within one hour, customer notification within 72 hours (or sooner where law requires), a public post-incident report for material issues, and a follow-up corrective-action review.

6. Data handling and retention

Retention periods and deletion guarantees are documented in the Privacy Policy. You can request export or deletion of your data at any time — see the Your rights section.

7. Vulnerability management

  • Dependencies are monitored by automated vulnerability scanners; patches are prioritised by severity and exploitability, not just CVSS score.
  • Static analysis and type-checking gate every merge to the main branch.
  • Pre-release deploys run an automated preflight that validates database migrations, worker readiness, third-party credential health, and cache consistency.
  • High-severity vendor advisories are triaged the same day; we use a supply-chain audit script to verify we are not on compromised package versions.

8. Responsible disclosure

If you think you've found a security vulnerability in Outercite, please let us know before disclosing it publicly. We commit to:

  • Acknowledge receipt within 2 business days.
  • Provide an initial assessment within 5 business days.
  • Keep you informed of progress to remediation.
  • Credit you publicly once the issue is fixed, if you wish.
  • Not pursue legal action against good-faith researchers following this policy.

Please do not: run automated scanners that generate significant load; access data belonging to other users; perform tests that could degrade availability; or publicly disclose before we've had a reasonable chance to fix.

Email reports to security@outercite.com. PGP key available on request.

9. Compliance roadmap

As a young company we are not yet independently certified against SOC 2, ISO 27001, or equivalent frameworks. Controls on this page are modelled on those frameworks and we are building toward formal audit as we scale. Customers with procurement requirements can request our current security questionnaire response or schedule a pre-audit review.

10. Contact

Security reports: security@outercite.com

Compliance / procurement: legal@outercite.com