Security

Security at every layer

From device provisioning to cloud storage, EdgeConductor is built with enterprise-grade security controls — encryption, isolation, audit logs, and compliance readiness baked in from day one.

TLS 1.3 · AES-256 at rest · Multi-tenant isolated · RBAC enforced · Audit logs · GDPR Ready · SOC 2 In Progress · 2FA — Coming Soon
🔑

Authentication & Identity

Per-device API keys

Unique key per device assigned at provisioning time. Keys are hashed — never stored in plaintext.

Bearer token auth

All API calls require a scoped Bearer token. Tokens are org-scoped — one org cannot access another's data.

RBAC

Three roles: admin, org_admin, customer. Each role has a fixed permission set enforced server-side.

API key rotation

Keys can be revoked and rotated from the dashboard at any time. Old keys are immediately invalidated.

Password policy

Minimum 8-character passwords enforced at signup. Passwords are hashed with bcrypt — never stored in plaintext.

2FA / TOTP

Two-factor authentication via Google Authenticator or Authy. Coming soon — will be required for org_admin and admin roles.

🔒

Encryption

TLS 1.3 in transit

All REST API traffic uses HTTPS/TLS 1.3. Older TLS versions are rejected.

MQTT over TLS

The CloudAMQP broker enforces TLS 1.2/1.3 on port 8883. Plaintext MQTT connections are rejected.

At-rest encryption

All data stored in Supabase/PostgreSQL with AES-256 at-rest encryption managed by the cloud provider.

Secrets management

API keys, MQTT credentials, and service keys are stored as environment variables — never in code or logs.

🛡

Access Control

Org-level data isolation

Every database query is scoped to org_id. One tenant can never query, read, or modify another tenant's data.

Row-level security

Supabase RLS policies enforce org isolation at the database level — even if application logic is bypassed.

Audit logs

Every rule fire, OTA push, config change, and device offline event is logged with timestamp and actor. Available in Business tier.

Immutable audit trail

Audit log entries cannot be modified or deleted — append-only for compliance requirements.

📡

Device Security

Unique device identity

Each device gets a unique serial and secret at registration. Secrets are never transmitted after initial provisioning.

Signed OTA packages

OTA firmware updates are delivered over TLS. Firmware version is verified before flashing. Rollback on failure.

Shadow-based command model

Commands reach devices via the shadow desired state — no direct command channel that could be spoofed.

Offline-safe provisioning

Device credentials are assigned at factory time. No internet required during manufacturing.

Compliance Readiness

We build toward the compliance standards our customers need — healthcare, manufacturing, smart buildings, and government.

GDPR: Ready

Data residency in EU-hosted infrastructure available. User data deletion on request. No data sold to third parties.

HIPAA: On Roadmap

Relevant for healthcare deployments (hospital environment monitoring). BAA available on Enterprise tier. Audit logs + access controls already in place.

SOC 2: In Progress

SOC 2 Type II audit planned for Q4 2026. Controls for availability, confidentiality, and security are already implemented.

ISO 27001: Roadmap

Information security management framework alignment in progress. Relevant for enterprise and government deployments.

Responsible Disclosure

Found a security vulnerability? We take all reports seriously. Email us directly — we respond within 48 hours and will credit you in our security changelog.

edgeconductor@gmail.com

Enterprise Security Review

Need a security questionnaire filled out, penetration test results, or a dedicated security review before deployment? Talk to us.
