Security

All traffic to OpsVue is served over HTTPS / TLS, with HSTS so browsers always connect securely.

Each workspace’s data is isolated using database row-level security. One workspace cannot read or write another workspace’s data. Platform/admin tables are deny-all to the application runtime.

Within a workspace, members have roles (Owner, Admin, Manager, Operator, Crew, Accounting, Viewer) that determine what they can see and do. Sensitive surfaces (financials, members, billing) are enforced server-side, not just hidden in the UI.

We apply application-level rate limiting on sensitive actions (sign-in, signup, invites). Abuse markers derived from IP and browser are stored as salted hashes, not raw values.

We set security headers (including HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and a Content-Security-Policy in report mode) and run a redacting logger designed to keep secrets and message bodies out of logs.

We do not collect payment card details today and online billing is not switched on. We do not sell personal information.

OpsVue runs on reputable providers — see our Subprocessors page for the current list and what each handles.

We do not currently hold formal third-party certifications (for example, SOC 2). We will update this page if that changes — we won’t claim a certification we don’t have.

Found a security issue? Please report it to [SUPPORT_EMAIL_TO_CONFIRM] (see Contact). We appreciate responsible disclosure and will work with you to resolve valid reports.