Security Policy

TOTP (Time-based One-Time Password) available for all client portal users. Activation via Profile → Security. Once enabled, a 6-digit code verification is required at every login. Compatible with Google Authenticator, Authy, Microsoft Authenticator.

OAuth2/OIDC via Google and Microsoft, Authorization Code PKCE flow. MFA for SSO users is delegated to the organisation's identity provider.

Differentiated roles: Admin (full access), Member (operational), Viewer (read-only), Custom (configurable granular permissions). The canExportData permission is required for SIEM export, verified server-side (HTTP 403 if missing).

Automated daily job: warning at 60 days of inactivity (INACTIVITY_WARNING event in the SIEM). Automatic revocation of all sessions at 90 days (GDPR Art. 32 / DORA Art. 9). Each event is timestamped in the audit trail.

TLS 1.2 / 1.3 enforced on all connections. HTTPS mandatory, HSTS enabled (max-age=31536000). HTTP automatically redirected to HTTPS.

Sensitive data (CRM credentials, OAuth, prospect files): AES-256-GCM application-level encryption before persistence. PostgreSQL database: AES-256 at infrastructure level (Neon). Backups: AES-256.

RS256, automatic rotation every 7 days. Primary key + backup key maintained for multi-instance high availability. Never transmitted in clear text.

Format godia_live_<base64url-32bytes>: only the SHA-256 hash is stored in the database. The plaintext key is displayed only once upon creation, never stored or recoverable.

Global: 3,000 req / 15 min per IP (sliding window). Login: 5 attempts / 15 min, automatic temporary lockout. API v1: 1,000 req / hour per key. SIEM Export: 10 exports / hour per organisation.

HSTS (max-age=31536000), X-Frame-Options: DENY, X-Content-Type-Options: nosniff, strict Content-Security-Policy enabled on all responses.

Synchronised token (sessionStorage) + server-side validation on all mutating routes. GET requests are exempted.

Strict whitelist of allowed origins. Only the chat widget APIs are intentionally open to allow integration on client websites.

4 tables not editable through the interface: auth_events (logins, MFA, revocations), 90-day retention. access_logs (sensitive data access, admin actions), 90-day retention. client_activity_logs (portal actions), 30-day retention. alert_history (security alerts), 90-day retention.

JSON and CSV format from the client portal, compatible with Elastic, Splunk, QRadar, Microsoft Sentinel. Filters by time period and event type. Organisation-isolated server-side. canExportData permission required. Anti-exfiltration rate limit: 10 exports / hour.

Brute force login, tenant isolation violations, invalid tokens, access anomalies, prolonged inactivity: immediate email notification via Mailjet upon trigger.

npm audit integrated into every build. Automatic alerts on known vulnerabilities in dependencies.

Critical: 48h / High: 7 days / Medium: 30 days / Low: next release.

External pentest by a certified third party planned for H2 2026. Internal security tests performed on every major release.

Official programme available on our dedicated page. Reports via security@godia.ai (response SLA: 48h for any reported vulnerability).

Zod (strict TypeScript schemas) on 100% of backend routes. Systematic rejection of data that does not conform to the expected schema.

Drizzle ORM, parameterised queries only. No SQL string concatenation in the codebase.

Systematic on every pull request before merge to production.

Railway environment variables, never in source code or the Git repository. OAuth and CRM credentials encrypted with AES-256-GCM before persistence.

Production and development environments are separated, with distinct databases and environment variables. No cross-access between prod/dev.

RTO (Recovery Time Objective): < 15 minutes, automatic Railway restart. RPO (Recovery Point Objective): 24 hours, daily Neon backup.

99.5% monthly guaranteed, 99.9% available by contract. See our full SLA. Real-time status: status.godia.ai.

Daily AES-256 encrypted backups, managed by Neon. 30-day retention. EU multi-zone replication.

If the AI engine becomes unavailable, existing data (conversations, leads, analytics) remains accessible. Explicit error messages are returned, with no silent fallback.

Detection via SIEM alerts → internal qualification → client notification (4h SLA for critical incidents) → remediation → post-incident report (PIR).

Available in the client portal: creation, tracking and closure from the interface. Each incident documented with timeline, impact and corrective measures.

Documented procedure: notification to supervisory authorities within 72 hours in case of a personal data breach (GDPR Art. 33). Automatic email notification to affected organisations.

L1: in-app ticket → L2: support@godia.ai → L3: technical management → L4: security emergency security@godia.ai (4h SLA).

Formalised impact assessment (March 2026), 4 documented processing activities: AI conversations, lead management, authentication, SIEM logging. Available upon request.

Complete and operational. ICT providers formalised in the DPIA: Mistral AI SAS (France), Railway (infrastructure), Neon (database).

Post-incident reports accessible from the client portal, with integrated incident reporting, tracking and closure from the interface.

JSON/CSV from the portal, compatible with market SIEM tools (Elastic, Splunk, QRadar, Microsoft Sentinel).

Data processing agreement available for signature before any contractual relationship begins. Contact: legal@godia.ai.

Full data export provided within 30 days upon termination. Permanent deletion within 60 days. No proprietary lock-in: standard PostgreSQL, data exportable in JSON/CSV.