Home / Security
Platform security
Technical and administrative controls adopted or being implemented to protect accounts, credentials and operational data.
Security architecture
- HTTPS: all website and platform traffic protected with TLS;
- Access control: access restricted to authorized administrative users;
- Authentication and authorization: official mechanisms for the Google account integration; the platform's own authentication for platform access;
- Least privilege: every credential and service holds only the minimum required permissions;
- Environment segregation: separation between development, staging and production;
- Operation logging: relevant actions recorded for auditing;
- Monitoring: log review and anomaly tracking;
- Backups: backup copies of configurations and operational data;
- Dependency updates: periodic review and updating of components;
- Incident handling: identification, containment, remediation and documentation process.
Credential protection
Credentials and tokens must never be:
- Exposed to the frontend;
- Written into source code;
- Sent to the browser;
- Stored in code repositories;
- Printed in logs.
Secrets are kept in environment variables or protected configuration mechanisms, accessible only to the authorized backend. The platform never requests or stores Google account passwords.
Auditing
Operations performed by automation must produce records containing:
- Date and time;
- Responsible user or service;
- Affected account;
- Operation type;
- Resource modified or queried;
- Operation outcome.
Higher-impact operations — such as budget or status changes — follow a preview-and-approval workflow with human review where configured, before anything is applied.
Access revocation
Access granted to the platform can be revoked at any time by account administrators through the Google account's own security settings, in addition to internal credential deactivation on the platform.