Policies
Asset Management Policy
Effective date: TODO — set on legal approval
AI draft— pending legal & owner review; not legally binding.
1. Purpose and Scope
This Asset Management Policy defines how Persoon.ai Inc. identifies, inventories, protects, and retires the assets that make up the ShipReady Metrics platform. An asset here is anything whose loss, exposure, or unmanaged change would harm the service or its customers: infrastructure, source code, credentials, data stores, and the customer-connected data sources the product reads.
This policy applies to all production assets and to all personnel who operate them. It complements the Data Classification Policy (what tier each asset's data belongs to) and the Data Retention Policy (how long asset data lives).
2. Platform Asset Inventory
The platform is built on a small, deliberate set of managed services and version-controlled artifacts. The core inventory is:
| Asset | What it is | Where it is tracked |
|---|---|---|
| Application hosting | Next.js application on Vercel (immutable deployments, rollback-capable) | Vercel project + version-controlled deployment config |
| Database, auth, and storage | Supabase Postgres, authentication, and private storage buckets | Supabase project; schema changes as versioned SQL migrations in the repository |
| Source code and configuration | Application code, infrastructure and deployment configuration as code | Version-controlled Git repository (GitHub) |
| Third-party service dependencies | Transactional email (Resend), AI features (Anthropic), and other subprocessors | The published Subprocessors document in the Trust Center |
| Domains and DNS | Production domains, DNS records, and mail routing | DNS provider configuration — [Owner to confirm: documented inventory of domains and records] |
Because schema, deployment, and application configuration are version-controlled, the asset inventory for those layers is reconstructible from the repository rather than maintained as a separate, drift-prone spreadsheet.
3. Customer-Connected Data Sources
The most dynamic assets the platform manages are the data sources customers connect — code hosts, CI/CD, cloud accounts, observability tools, and AI-spend providers. For each organization, the in-product Connections page is the system of record for these assets: it shows every connected provider, its status, and its sync state, and is the single place connections are created, tested, synced, and removed.
- Each connector is defined in a central registry specifying its credential type, exact scopes, what data it pulls, and which scores it feeds.
- The public data-access page in the Trust Center is rendered directly from that same registry, so the published description of what ShipReady reads cannot drift from what the product actually requests.
- Connectors that cannot yet be connected are listed as such and are never shown as functional; the platform does not claim access it does not have.
- For connectors whose target host is supplied by the customer (self-hosted instances), an egress guard blocks requests to loopback, link-local, private, and reserved addresses — including hostnames resolving to them — so a connection cannot be turned into a request-forgery path into internal infrastructure.
4. Credential and Secret Assets
Credentials are tracked and protected as first-class assets. Customer connector credentials are encrypted at rest with AES-256-GCM before storage in a dedicated secrets table with deny-all row-level security; encryption and decryption happen only in server-side code, and the encryption key is held as a platform environment secret, never in the codebase or logs.
- Connect flows guide customers to create credentials with the minimum documented scopes, and recommend short expirations where the provider supports them.
- Platform secrets (service keys, encryption keys, provider API keys) live in the hosting platform's environment configuration, not in source control.
- Each credential's existence and lifecycle is visible through its connection: connecting, syncing, and disconnecting are recorded in the audit log.
5. Data Assets and Ownership
Data stores are inventoried by ownership. Customer tenant data (metrics, scores, findings, configuration metadata) is org-scoped: every tenant row carries an organization id and is isolated by row-level security policies built on membership helper functions, so each organization's members can only reach their own organization's rows. Compliance-evidence artifacts are stored with SHA-256 integrity hashes, with binary files in a private storage bucket that has no tenant-accessible storage policies. Audit-log records and their retention are governed by the Data Retention Policy.
6. Asset Lifecycle: Change and Decommissioning
Assets change through controlled paths and are retired deliberately:
- Application changes ship as immutable deployments that can be rolled back to a previous known-good version; database changes ship as versioned migrations.
- Customer-connected sources are decommissioned by disconnecting them, which deletes the connection and its stored encrypted credential and writes an audit event; a failed deletion blocks the flow rather than leaving the credential silently active.
- Data held in retired or disconnected assets is disposed of per the Data Retention Policy.
- [Owner to confirm: cadence for reviewing and removing unused third-party services, tokens, and DNS records.]
7. Endpoint and Personnel Assets
Workstations and other devices used to operate the platform are assets in scope of this policy. [Owner to confirm: the inventory of devices with production access, disk-encryption and screen-lock requirements, and whether mobile-device management is in place.] Access to production systems is limited to authorized personnel of Persoon.ai Inc.; personnel access rights are governed by the Access Control Policy.
8. Responsibilities and Review
The platform owner is accountable for keeping the asset inventory accurate: new services, data stores, and connector types must be reflected in the registry, the Subprocessors document, and this policy before or at launch. This policy is reviewed at least annually and after any significant architectural change.
This document is an AI-generated draft and is not legal advice or a binding commitment until reviewed and approved by Persoon.ai Inc. and counsel. Questions may be directed to security@persooninc.com.