Trust & Security

ShipReady Metrics reads the confidential signal inside your engineering, cloud, and security systems. It’s built security-first — here is exactly how your data is isolated, protected, and used.

Tenant isolation, enforced in the database

Every row is scoped to your organization and enforced by Postgres row-level security — a member of one organization can never read another's scores, findings, connectors, or decisions. Isolation lives in the database, not just the application.

Least-privilege scopes — and we name what we keep

We request the narrowest scope a provider offers, and recommend short-lived tokens where a provider has no scoped tier. What we keep is narrower than what we read, and the detail matters more than the slogan. Your source code is never stored and your repository is never cloned. Your score inputs are aggregate numbers plus a runtime inventory (e.g. "Node.js 20", count 3), containing no repository or author names. But your repository names, author display names, cloud resource names, and unremediated vulnerabilities ARE stored — in the metrics and findings tables — because the product cannot do its job without naming them: an org-wide AI-readiness percentage that can't tell you WHICH repositories lack tests is a number you can't act on, and a vulnerability nobody can attribute to a resource is a vulnerability nobody can fix. See the exact scopes each connector requests, what it pulls, and which scores it feeds on the data access & permissions page.

Data access & permissions →

Encrypted credentials

Connector tokens are encrypted at rest with AES-256-GCM, accessible only to the service role, and are never returned to a browser or written to a log.

Authentication & provisioning

Email/password and Google OAuth today; TOTP multi-factor authentication is built and rolling out (currently flag-gated, not yet enabled for customer accounts). Enterprise SSO (SAML) and SCIM user provisioning are available on request during onboarding. SCIM provisioning covers Users only today (no group push). Removing a user's last organization membership deletes their identity and ends active sessions immediately; membership removal revokes data access on the next request via row-level security.

Append-only audit logging

Sensitive actions are recorded to an append-only audit trail (no update or delete), exportable as compliance evidence.

Your data, your control

Export reports and findings to CSV/Markdown and your full organization data on demand; account and data erasure are handled on request as a deliberate, confirmed action. There is no public or programmatic API — confidential tenant data stays inside the authenticated, access-scoped app.

Analytics & consent

Third-party website analytics (Google Analytics, Microsoft Clarity) load only on our public marketing pages — never inside the authenticated app — and, where consent is required, only after you opt in. Analytics never receive tenant data.

AI processing

The optional AI Security Audit sends only normalized finding metadata to Anthropic's Claude, and only when you run it — never raw secrets, prompts, or transcripts. No other feature sends your data to a third-party model.

Infrastructure & architecture

ShipReady Metrics is a multi-tenant SaaS built on managed, independently-audited cloud infrastructure. Every request crosses three layers, and your data is isolated at each.

  1. Browser boundaryEvery response is served over HTTPS/TLS and carries hardened security headers — a per-request Content-Security-Policy with a script nonce and strict-dynamic, HSTS (preloaded), X-Frame-Options: DENY, and X-Content-Type-Options: nosniff. Plaintext transport is never used for your data.
  2. Application (Vercel)The application runs on Vercel's managed platform behind a global CDN. Every request is authenticated and authorized server-side before any data is read; role-based access control (admin / engineer / executive) gates privileged actions.
  3. Database & storage (Supabase)Tenant data lives in a managed Postgres database. Isolation is enforced in the database by row-level security, so a query can only ever return your organization's rows. Bulk data is encrypted at rest by the managed platform (AES-256); connector tokens are additionally encrypted by the application with AES-256-GCM and are readable only by the service role.

Every change ships through continuous integration that runs type-checking, linting, tests, a production build, an automated database-grant audit, and a tenant-isolation test suite (which re-applies every migration from scratch and asserts cross-tenant reads are denied) before it reaches production. A detailed security architecture overview is available for enterprise review — contact info@persooninc.com.

Subprocessors

The third parties that process data on our behalf, and what each is used for.

Supabase
Managed Postgres database, authentication, and storage
Vercel
Application hosting and content delivery
Resend
Transactional email (sign-in, invitations, digests)
Anthropic
AI Security Audit — finding metadata, on demand only
Google Analytics
Website analytics — public marketing pages only, consent-gated
Microsoft Clarity
Website session analytics — public marketing pages only, consent-gated

Compliance & vulnerability disclosure

The practices above are how the product is built today. For a Data Processing Agreement, subprocessor change notifications, or the current status of formal certifications, contact info@persooninc.com. Report a security issue via the report form or our security.txt, and see live availability on the status page.

See it on your own data

Connect a source and your Executive Overview populates as the first sync completes — about a minute for small orgs, several minutes for large estates.

Get started

Rolling this out for a larger org? Talk to us about enterprise.