
Security

Operational overview for customers and prospects

Oblixa is built for organizations that need accountable contract execution. Security is handled in depth through your deployment configuration, identity provider choices, and administrative controls in the product.

Transport and authentication

Browser traffic to the application should be served over HTTPS in production. Users sign in through the authentication mechanisms configured for your workspace (for example email and password or SSO, depending on setup).

Organization isolation

Product data is scoped to workspaces and organizations. Application code enforces access using server-side authorization aligned with your membership and role model—client-side UI alone is not a security boundary.

Integrations and automation

API keys, webhooks, and integrations should be scoped and rotated according to your policy. Prefer least privilege for automation that touches operational data.

Reporting issues

Vulnerability disclosure contact and machine-readable pointers are published in security.txt. Use that channel for security-sensitive reports rather than public issue trackers.