Security

Approach

CepPro is designed with account isolation and role-based workflows so each workspace can manage its own operational data separately. The controls below describe the protections that are in place today.

Security controls

CepPro applies the following controls across the platform:

• Authentication: account credentials are managed through a hosted authentication service; passwords are not stored in plain text.
• Workspace isolation: every workspace's records are scoped to its own business account, so a workspace can only see and edit its own data.
• Role-based access: admin, manager, and worker roles control which users can perform which actions inside a workspace.
• Row Level Security: database policies enforce tenant scoping at the data layer in addition to application checks.
• Transport security: traffic to CepPro uses HTTPS where the deployment platform provides it.
• Payment data: CepPro does not store full credit card numbers; payments are processed by a payment provider.
• Audit and logging: security-relevant events are logged for review and incident response.

Workspace owner responsibility

Workspace owners and administrators are responsible for using strong credentials, managing user access, and ensuring that data entered into CepPro is collected and used lawfully.

Responsible disclosure

If you believe you have found a security issue, please email security@ceppro.net with details and steps to reproduce. We appreciate responsible disclosure and will respond as quickly as we can.

Limits and honesty

No service is 100% secure. CepPro does not currently hold third-party security certifications such as SOC 2, ISO 27001, PCI DSS, or HIPAA. We will update this page if and when external certifications are obtained.