CoodraDocs

Security

Trust is built into the boring stuff.

Coodra is early, but security cannot wait for the product to grow up.

Security overview

Coodra handles operational retail data, account access, connector permissions, and recommendation context. The product is early, but the security posture cannot be treated like a later chore with a nicer font.

Threats and controls

| Threat | Risk | Coodra control |
| --- | --- | --- |
| Credential stuffing | Attackers try reused passwords against login. | Account authentication, rate limits, and suspicious traffic challenges. |
| Tenant mixups | A user sees another retailer account. | Backend-issued access, role checks, and tenant-scoped data rules. |
| Connector credential exposure | Operational access leaks through code, logs, or public files. | Backend-owned authorization flow and encrypted credential storage. |
| Stale API caching | Private dashboard data is cached like a static page. | API cache bypass and response policies for operational routes. |
| Sensitive analytics | Product usage tracking captures retailer operating data. | Consent-gated analytics with allowlisted, categorical events. |

Controls that are live

Account authentication (Live)

Users sign in through protected account flows before Coodra resolves dashboard access.

Short-lived dashboard sessions (Live)

Protected dashboard requests use backend-issued access, not client-provided retailer overrides.

Tenant isolation and role checks (Live)

Server-side claims, roles, and row-level security decisions keep retailer context scoped.
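The tenant-scoping rule from the threats table and the two cards above, as an added illustration rather than Coodra's own code: the backend mints an HMAC-signed session claim that names the retailer, a client-supplied retailer_id override is ignored and only flagged for logging, and every dashboard query is filtered by the claim. The signing secret, claim fields and order rows are constructed placeholders.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass

# Hypothetical signing key; a real deployment keeps this in a secret store.
SESSION_SECRET = b"constructed-demo-secret-not-for-production"

@dataclass(frozen=True)
class Claims:
    user_id: str
    retailer_id: str  # the tenant this session is scoped to
    role: str

def issue_session(claims: Claims) -> str:
    """Backend mints the session: JSON claims plus an HMAC the client cannot forge."""
    payload = json.dumps(asdict(claims), sort_keys=True).encode()
    sig = hmac.new(SESSION_SECRET, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + sig

def verify_session(token: str) -> Claims:
    """Reject any token whose signature does not match; only then trust its claims."""
    payload_hex, sig = token.split(".", 1)
    payload = bytes.fromhex(payload_hex)
    expected = hmac.new(SESSION_SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("invalid session signature")
    return Claims(**json.loads(payload))

def is_valid_session(token: str) -> bool:
    try:
        verify_session(token)
        return True
    except (PermissionError, ValueError):
        return False

# Constructed sample rows: two retailers sharing one orders table.
ORDERS = [
    {"id": "o1", "retailer_id": "retailer-a", "total": 42.0},
    {"id": "o2", "retailer_id": "retailer-b", "total": 17.5},
    {"id": "o3", "retailer_id": "retailer-a", "total": 9.99},
]

def resolve_retailer(token: str, query_params: dict) -> tuple[str, bool]:
    """Tenant comes from the verified claim. A client-supplied retailer_id is never
    honoured; the function only reports that an override was attempted so it can be logged."""
    claims = verify_session(token)
    override_attempted = query_params.get("retailer_id", claims.retailer_id) != claims.retailer_id
    return claims.retailer_id, override_attempted

def dashboard_orders(token: str, query_params: dict) -> list[dict]:
    """Every dashboard query is filtered by the claim's tenant, never by request input."""
    retailer, _ = resolve_retailer(token, query_params)
    return [row for row in ORDERS if row["retailer_id"] == retailer]
```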

Encrypted connector credentials (Live)

Provider tokens are encrypted before persistence and never belong in frontend code.

Shared rate limiting (Live)

Sensitive backend paths use shared limits. Public forms and auth edges have additional guardrails.

Network edge protection (Live)

Public domains sit behind an edge layer, and API responses are configured to avoid stale cached data.

Sanitized error monitoring (Live)

Application errors are monitored with private data collection disabled and release attribution configured.

Consent-gated product analytics (Live)

Analytics starts after consent and uses allowlisted events, not retailer operating data.

Connector certification (Guided)

Refresh, revocation, single-use state, PKCE, and provider matrices are tracked before self-serve promotion.

Encrypted off-site backups (Prepared)

The backup workflow and restore drill are prepared. Activation is deferred until billing is ready.

Controls still being matured

Connector certification and encrypted off-site backups remain tracked work. The backup workflow is prepared, but activation is intentionally deferred until billing is ready. Leaked-password protection is also deferred until the account plan supports it.