estimio

Security

Last Updated: 2025-11-28

At estimio, security is a top priority. This page explains the security measures we implement to protect your data and our service.

Hosting Architecture

estimio is hosted on Google Cloud Run, a serverless container platform that provides:

  • Stateless, ephemeral containers: Application instances hold no persistent state; anything that must outlive a request is kept in the database
  • Automatic scaling: Handles traffic spikes without manual intervention
  • DDoS protection: Google's network edge absorbs volumetric attacks before they reach the service
  • Regional deployment: Servers located in Switzerland/EU for data residency
  • Managed infrastructure patching: Google patches the host OS and container runtime; keeping the application image and its dependencies up to date remains our responsibility (see Security Updates below)

Encryption

In Transit

  • HTTPS enforced everywhere: All connections use TLS 1.2 or higher
  • HSTS (HTTP Strict Transport Security): Tells browsers to connect only over HTTPS, which defeats SSL-stripping attacks that try to downgrade a session to plain HTTP
  • Certificate management: TLS certificates are provisioned and renewed automatically by Google Cloud

At Rest

  • Database encryption: All data in PostgreSQL/Neon is encrypted at rest
  • Encrypted backups: Database backups are encrypted
  • Secret management: API keys and credentials are supplied to the application as environment variables at runtime and are never committed to source code (see Secret Management below)

Authentication & Authorization

Password Security

  • bcrypt hashing: Passwords are hashed with bcrypt at cost factor 10 (2^10 key-expansion rounds), each with its own random salt
  • No plaintext storage: Only the bcrypt hash is stored; the plaintext password is never written to the database or to logs
  • Password requirements: Minimum 8 characters. This check runs in the frontend; client-side validation can be bypassed by anyone calling the API directly, so it is a usability aid and not a substitute for the server-side schema validation described under API Security

Session Management

  • JWT tokens: JSON Web Tokens carry the authenticated session
  • Token expiration: Each token expires 7 days after it is issued, or earlier when you log out
  • httpOnly cookies: Tokens are stored in httpOnly cookies, so page scripts cannot read them even if an XSS bug is present
  • Secure flag: Cookies are only sent over HTTPS
  • Fresh tokens per login: Every login issues a new token; earlier tokens are not reused
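
The following is an added example, not estimio's own code: it mints and verifies an HS256 JWT with the 7-day lifetime described above, and builds the Set-Cookie header that delivers it with the HttpOnly, Secure and SameSite attributes. The signing key, the role names and the cookie name are placeholders; the page does not state which JWT algorithm or library estimio uses, and the clock is passed in so expiry can be exercised offline.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed example key. In production the key would come from an environment
// variable backed by Secret Manager; the name and this value are placeholders.
const SIGNING_KEY = Buffer.from("constructed-example-key-not-for-production", "utf8");
const TOKEN_LIFETIME_SECONDS = 7 * 24 * 60 * 60; // 7 days, as stated on this page

interface SessionClaims {
  sub: string;             // user id
  role: "guest" | "user";  // assumed role names
  iat: number;             // issued-at, seconds since epoch
  exp: number;             // expiry, seconds since epoch
}

const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");

function hmac(signingInput: string): string {
  return createHmac("sha256", SIGNING_KEY).update(signingInput).digest("base64url");
}

// Decode one base64url JSON segment; null on any malformed input.
function decodeSegment(segment: string): any {
  try {
    return JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Issue an HS256 JWT with a 7-day lifetime. nowSeconds is injected so expiry can be tested.
function mintToken(sub: string, role: SessionClaims["role"], nowSeconds: number): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims: SessionClaims = { sub, role, iat: nowSeconds, exp: nowSeconds + TOKEN_LIFETIME_SECONDS };
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${hmac(`${header}.${payload}`)}`;
}

// Verify a token: pinned algorithm, constant-time signature check, then expiry.
// Returns the claims on success and null for anything else.
function verifyToken(token: string, nowSeconds: number): SessionClaims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;

  // Reject "none" and any algorithm other than the one we mint with, before trusting the signature.
  const hdr = decodeSegment(header);
  if (!hdr || hdr.alg !== "HS256") return null;

  const expected = Buffer.from(hmac(`${header}.${payload}`), "utf8");
  const actual = Buffer.from(signature, "utf8");
  if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) return null;

  const claims = decodeSegment(payload);
  if (!claims || typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
  if (claims.exp <= nowSeconds) return null; // expired (7 days after issue)
  return claims as SessionClaims;
}

// Set-Cookie value that carries the token: unreadable from JavaScript, HTTPS-only,
// never attached to cross-site requests, and expiring together with the token.
function sessionCookie(token: string): string {
  return [
    `session=${token}`,
    "HttpOnly",
    "Secure",
    "SameSite=Strict",
    "Path=/",
    `Max-Age=${TOKEN_LIFETIME_SECONDS}`,
  ].join("; ");
}
```

The algorithm check runs before the signature check so that a token claiming alg=none is refused outright, and the comparison uses timingSafeEqual so a forged signature cannot be guessed byte by byte from response timing. Because the token is stateless, logout on the server side amounts to clearing the cookie; a token that has been copied elsewhere remains valid until its exp passes unless the server also keeps a revocation list.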

Access Control

  • Role-based access: Guest users have limited access vs. registered users
  • Session ownership: Only session owners can configure Jira integrations
  • API authentication: All API endpoints require valid authentication tokens

API Security

Rate Limiting

  • Request throttling: Limits on API requests per user/IP
  • Protection against abuse: Prevents automated attacks and scraping
  • Clear rejections: Requests over the limit are refused with an explicit rate-limit error rather than silently dropped, so clients know to back off
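
As an added illustration of the throttling described above (example code, not estimio's implementation; the page does not say which algorithm or limits it uses), here is a token-bucket limiter keyed by authenticated user or, for anonymous traffic, by client IP, together with the 429 response it produces. The capacity and refill rate are assumed values and the clock is injectable.

```typescript
interface Decision {
  allowed: boolean;
  remaining: number;     // whole tokens left after this decision
  retryAfterMs: number;  // 0 when allowed
}

// Token bucket: each key starts with `capacity` tokens, every request costs one, and
// tokens refill continuously at `refillPerSecond`. Bursts up to capacity are allowed.
class TokenBucketLimiter {
  private readonly buckets = new Map<string, { tokens: number; updatedAt: number }>();

  constructor(
    private readonly capacity: number,
    private readonly refillPerSecond: number,
    private readonly now: () => number = Date.now, // injectable for tests
  ) {}

  take(key: string): Decision {
    const t = this.now();
    const bucket = this.buckets.get(key) ?? { tokens: this.capacity, updatedAt: t };
    const refilled = bucket.tokens + ((t - bucket.updatedAt) / 1000) * this.refillPerSecond;
    bucket.tokens = Math.min(this.capacity, refilled);
    bucket.updatedAt = t;
    this.buckets.set(key, bucket);

    if (bucket.tokens >= 1) {
      bucket.tokens -= 1;
      return { allowed: true, remaining: Math.floor(bucket.tokens), retryAfterMs: 0 };
    }
    const deficit = 1 - bucket.tokens;
    return { allowed: false, remaining: 0, retryAfterMs: Math.ceil((deficit / this.refillPerSecond) * 1000) };
  }
}

// Prefer the authenticated user id; fall back to the client IP. Cloud Run populates
// X-Forwarded-For, and the first entry is the original client address.
function rateLimitKey(userId: string | null, xForwardedFor: string | undefined): string {
  if (userId) return `user:${userId}`;
  const ip = (xForwardedFor ?? "").split(",")[0].trim() || "unknown";
  return `ip:${ip}`;
}

interface LimitedResponse {
  status: number;
  headers: Record<string, string>;
  body: string;
}

// Returns null when the request may proceed, otherwise the 429 response to send.
function enforceLimit(limiter: TokenBucketLimiter, key: string): LimitedResponse | null {
  const decision = limiter.take(key);
  if (decision.allowed) return null;
  return {
    status: 429,
    headers: {
      "Content-Type": "application/json",
      "Retry-After": String(Math.ceil(decision.retryAfterMs / 1000)),
      "X-RateLimit-Remaining": "0",
    },
    body: JSON.stringify({ error: "rate_limited", message: "Too many requests; please retry later." }),
  };
}
```

One caveat that matters on Cloud Run specifically: the Map above lives inside a single container instance, so with several instances running, each one enforces its own budget and an attacker effectively gets the limit multiplied by the instance count. A production limiter on this platform keeps its counters in a shared store (a Redis-compatible cache, for instance) or enforces the limit in front of the service at the load balancer.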

Input Validation

  • Zod schema validation: All API inputs validated with Zod schemas
  • SQL injection prevention: Parameterized queries via Drizzle ORM
  • XSS protection: Input sanitization and Content Security Policy headers
  • CSRF protection: SameSite cookie attributes and token validation

Network Security

Firewall-Friendly Design

  • HTTP polling: Real-time updates are delivered by HTTP polling rather than WebSockets, so the service works through corporate firewalls and proxies that block long-lived connections
  • Standard HTTPS only: All traffic uses TCP port 443

DDoS Protection

  • Google Cloud Armor: DDoS protection at the network edge (Cloud Armor policies apply to traffic that reaches the service through a Google Cloud external load balancer)
  • Automatic scaling: Absorbs traffic spikes without service degradation, within the configured instance limits
  • Rate limiting: Application-level throttling caps what any single user or IP can consume, even when the traffic is not an outright attack

Data Protection

Database Security

  • PostgreSQL/Neon: Managed PostgreSQL with platform security handled by the provider
  • Connection pooling: Connections go through Neon's serverless driver over HTTPS, which fits Cloud Run's short-lived instances better than long-lived TCP connections
  • Backup encryption: All backups are encrypted
  • Restricted access: Only the application may connect; the database is not exposed directly to the public internet

Secret Management

  • Environment variables: All secrets stored as environment variables
  • No hardcoded secrets: No API keys or passwords in source code
  • Cloud Run secrets: Secrets are managed via Google Cloud Secret Manager, the recommended source for Cloud Run; values are injected into the container at startup rather than kept in the service configuration
  • Rotation support: Secrets can be rotated without code changes

Application Security

Code Security

  • Dependency scanning: Dependencies are scanned for known vulnerabilities and updated regularly
  • Type safety: TypeScript catches type errors at compile time rather than in production
  • Input validation: All user inputs validated and sanitized
  • Error handling: Secure error messages (no sensitive data leaked)

XSS Protection

  • React: Values rendered through JSX are escaped automatically; the escape hatch for raw HTML (dangerouslySetInnerHTML) bypasses this protection and is not used for user content
  • Content Security Policy: CSP headers prevent inline script execution
  • Input sanitization: User-generated content sanitized before display

CSRF Protection

  • SameSite cookies: Cookies set with SameSite=Strict attribute
  • Token validation: API requests validated for authenticity
  • Origin checking: Requests validated against expected origins
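
The origin check and the protective headers from the XSS and CSRF sections, as an added example that is not estimio's code: a request guard that lets safe methods through, refuses state-changing requests whose provenance is missing or foreign, and a function producing the HSTS and CSP headers. The allowed origin and the header values are representative placeholders; the page does not publish estimio's actual policy.

```typescript
// Header names are lower-cased, as Node's http module delivers them.
type RequestHeaders = Record<string, string | undefined>;

// Placeholder for the application's real origin.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

function originOf(url: string): string | null {
  try {
    return new URL(url).origin;
  } catch {
    return null;
  }
}

// Decide whether a request may change state. Safe methods pass. For the rest, the
// browser's Sec-Fetch-Site is consulted first, then Origin (falling back to Referer).
// A state-changing request with no provenance at all is refused (fail closed).
function isTrustedRequest(
  method: string,
  headers: RequestHeaders,
  allowed: Set<string> = ALLOWED_ORIGINS,
): boolean {
  if (!STATE_CHANGING.has(method.toUpperCase())) return true;

  const fetchSite = headers["sec-fetch-site"];
  if (fetchSite !== undefined && fetchSite !== "same-origin" && fetchSite !== "none") return false;

  const referer = headers["referer"];
  const origin = headers["origin"] ?? (referer ? originOf(referer) : null);
  if (!origin) return false;             // no Origin and no usable Referer
  return allowed.has(origin);            // an opaque "null" origin also fails here
}

// Response headers backing the HSTS and CSP points on this page. Values are
// representative, not estimio's actual configuration.
function securityHeaders(): Record<string, string> {
  return {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": [
      "default-src 'self'",
      "script-src 'self'",        // no inline scripts, no third-party script hosts
      "object-src 'none'",
      "base-uri 'self'",
      "frame-ancestors 'none'",   // not embeddable in other sites' frames
    ].join("; "),
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
  };
}
```

SameSite=Strict on the session cookie already stops browsers from attaching it to cross-site requests; the origin check above is the second, independent layer for browsers that do not honour SameSite and for the same-site cases (a compromised sibling subdomain) that SameSite alone does not cover.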

Third-Party Integrations

Jira Integration

  • Read-only access: We never modify, create, or delete Jira issues
  • Encrypted credentials: Jira API tokens and credentials are encrypted before being stored in the database
  • User responsibility: Users must ensure they have permission to access Jira data
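
To make the "stored encrypted" point concrete, here is an added example (not estimio's code) of encrypting a Jira API token with AES-256-GCM before it is written to the database and decrypting it on the way out. The environment variable name CREDENTIALS_KEY, the storage layout and the fallback key are assumptions; the page does not say which cipher or key source estimio uses.

```typescript
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";

// Assumed: the 32-byte data key arrives as base64 in CREDENTIALS_KEY (placeholder name),
// an environment variable backed by Secret Manager. When it is absent, as in this
// offline example, a key is derived from a constructed passphrase so the code still runs.
const KEY: Buffer = process.env.CREDENTIALS_KEY
  ? Buffer.from(process.env.CREDENTIALS_KEY, "base64")
  : scryptSync("constructed-example-passphrase", "constructed-example-salt", 32);

const FORMAT_VERSION = 1; // lets the layout change later without breaking old rows
const IV_BYTES = 12;      // 96-bit nonce, the GCM recommendation
const TAG_BYTES = 16;     // 128-bit authentication tag

// Encrypt a token for storage. `binding` (for example "session:17") is authenticated but
// not encrypted, so a ciphertext copied into another row fails to decrypt there.
// Stored layout, base64-encoded: version || iv || tag || ciphertext.
function encryptCredential(plaintext: string, binding: string): string {
  const iv = randomBytes(IV_BYTES); // fresh per encryption; never reuse an IV under one key
  const cipher = createCipheriv("aes-256-gcm", KEY, iv);
  cipher.setAAD(Buffer.from(binding, "utf8"));
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  return Buffer.concat([Buffer.from([FORMAT_VERSION]), iv, tag, ciphertext]).toString("base64");
}

// Decrypt a stored value. Returns null if the layout is unknown, the tag does not verify
// (tampering or wrong key), or the binding differs from the one used at encryption time.
function decryptCredential(stored: string, binding: string): string | null {
  const blob = Buffer.from(stored, "base64");
  if (blob.length < 1 + IV_BYTES + TAG_BYTES || blob[0] !== FORMAT_VERSION) return null;
  const iv = blob.subarray(1, 1 + IV_BYTES);
  const tag = blob.subarray(1 + IV_BYTES, 1 + IV_BYTES + TAG_BYTES);
  const ciphertext = blob.subarray(1 + IV_BYTES + TAG_BYTES);
  const decipher = createDecipheriv("aes-256-gcm", KEY, iv);
  decipher.setAAD(Buffer.from(binding, "utf8"));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
  } catch {
    return null; // authentication failure: do not return partial plaintext
  }
}
```

The authenticated binding is the detail worth copying: without it, encryption alone does not stop someone with write access to the table from moving a valid ciphertext onto a row they control.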

AI Integration (Google Gemini)

  • API key security: The Gemini API key is provided to the server as an environment variable
  • Authenticated requests: Every call to the Gemini API is authenticated with that key from the server side; the browser never talks to Gemini directly
  • No key exposure: The API key never reaches client-side code
  • Rate limiting: Calls stay within Google's API quotas
  • Error handling: Failures are logged without including sensitive data

Monitoring & Incident Response

Logging

  • Structured logging: All events logged with severity levels
  • Error tracking: Failed requests and exceptions logged
  • Performance monitoring: Response times and performance metrics tracked
  • Google Cloud Logging: Logs automatically sent to Cloud Logging

Incident Response

  • 24/7 monitoring: Service monitored for anomalies
  • Alert system: Automated alerts for critical errors
  • Incident procedures: Documented procedures for security incidents
  • User notification: Users notified of security incidents affecting their data

Backups

Database Backups

  • Neon/PostgreSQL: Automatic daily backups
  • Point-in-time recovery: Ability to restore to any point within the retention window
  • Backup retention: Backups retained for 30 days
  • Encrypted backups: All backups encrypted at rest
  • Geographic redundancy: Backups stored in multiple regions

Data Recovery

  • Regular testing: Backup restoration tested regularly
  • Recovery procedures: Documented data recovery procedures
  • RTO/RPO targets: Recovery Time Objective and Recovery Point Objective defined

Security Updates

Patch Management

  • Regular updates: Dependencies updated regularly
  • Security patches: Critical security patches applied immediately
  • Automated scanning: Dependencies scanned for known vulnerabilities
  • Update notifications: Users notified of significant security updates

Vulnerability Disclosure

If you discover a security vulnerability, please:

  1. Do not disclose it publicly
  2. Email us at: info@estimio.ch
  3. Include details and steps to reproduce
  4. Allow us time to fix before disclosure

We appreciate responsible disclosure and will acknowledge security researchers.

Compliance

GDPR

  • Data protection: Compliant with GDPR requirements
  • User rights: Right to access, delete, and export data
  • Data processing agreements: DPAs available for enterprise customers
  • Privacy by design: Security measures built into the service

Data Residency

  • EU/Switzerland hosting: Data stored in EU/Switzerland regions
  • Data sovereignty: Respects data residency requirements
  • Cross-border transfers: Appropriate safeguards for international transfers

Security Best Practices for Users

We recommend you:

  • Use strong passwords: At least 8 characters; a long passphrase or a password generated by a password manager is stronger than a short mix of letters, numbers and symbols
  • Don't share credentials: Keep your account credentials private
  • Log out on shared devices: Always log out when using shared computers
  • Review Jira permissions: Ensure you have permission to access Jira data you connect
  • Report suspicious activity: Contact us immediately if you notice anything unusual

Security Contact

For security-related questions or to report a vulnerability:

Email: info@estimio.ch
Subject: Security Inquiry

We take security seriously and will respond promptly to all security inquiries.

Updates

This Security page is updated as we implement new security measures. The "Last Updated" date reflects the most recent changes.