SECURITY

Security you can
actually verify

Gealo holds other companies' work, so isolation and least-privilege access aren't features. They're the foundation. Here is exactly how it works.

Tenant isolation comes first

Every workspace (tenant) is the sole owner of its data. Every database row carries a workspace identifier; project data additionally carries a project identifier. There is no unscoped record and no cross-workspace join. Caches are keyed by workspace, and realtime connections only ever join their own workspace and project rooms, so a cached object or a broadcast can never reach the wrong tenant.

Least-privilege access

Membership in a workspace is not the same as access to everything in it. Permission templates govern what each member can do (create projects, edit tasks, manage billing), and project-level checks ensure a member can't read a project they aren't a collaborator on. The AI agent acts strictly within the calling user's permissions; it can never do more than the person using it.

Data in transit and at the edge

Traffic is served over HTTPS with HSTS (including preload), and responses carry hardening headers such as Cross-Origin-Opener-Policy, X-Frame-Options and a Referrer-Policy. Authenticated application surfaces are excluded from search indexing so private workspace URLs never leak into search results.

File handling & DLP

Uploads are validated by type and size against your plan's limits, and download links are only signed after a permission check, with a short expiry. Object keys are namespaced by workspace and project. Blocked extensions and size ceilings are enforced on the server, never trusted to the browser.

Authentication & SSO

Personal accounts support Google sign-in with optional two-factor authentication. Enterprise workspaces can require SSO, in which case non-SSO sign-in is rejected at the API, not just hidden in the UI.

Limits live on the server

Plan limits and feature flags are computed on the server from your plan, then expanded by add-ons and tightened by policies. The browser only reflects decisions the server has already made. One source of truth means fewer ways for enforcement to drift.

Compliance status: the honest version

We don't claim certifications we don't hold. SOC 2 Type II and ISO 27001 work is in progress, and a HIPAA BAA is available to enterprise workspaces under contract. The trust center has the current status and how to request reports under NDA.

Reporting a vulnerability

Found something? Please report it responsibly. See our security.txt or email [email protected]. We appreciate good-faith disclosure and will work with you on a fix.