Security
Security practices, protections and governance in viewfoot.
Principles
- Defense in depth
- Minimum necessary access
- Explicit boundaries & auditability
- Privacy-by-design
Controls
| Domain | Control |
|---|---|
| Auth | OAuth + short-lived sessions + rotation |
| Data | AES-256 at rest, TLS 1.3 in transit |
| Access | Role / scope based policy engine |
| Audit | Immutable event trail + anomaly flags |
| Isolation | Namespaced tenancy boundaries |
Application Layer
- Secure headers & strict CSP
- Rate limiting & abuse detection
- Input validation & schema enforcement
Infrastructure
- Segmented networks & least-privilege IAM
- Continuous vulnerability scanning
- Automated patch & dependency review
Data Governance
- Retention policies per entity class
- Subject access & erasure workflows
- Encryption key lifecycle management
Incident Response
- 24/7 monitoring pipeline
- Defined escalation runbooks
- Postmortem with corrective action tracking
Security is an ongoing discipline embedded in our engineering process.