Security

Security is not a feature — it is the foundation. Every layer of Harbor Commerce is built with defense in depth.

Every record scoped by organization ID. Complete data separation between tenants.

Granular RBAC with owner, admin, member, and viewer roles on every endpoint.

Data encrypted at rest and in transit. TLS everywhere, PostgreSQL disk encryption.

Stripe signature verification with timestamp tolerance. Idempotent processing.

Redis-backed sliding window rate limiting on all endpoints. Strict limits on auth.

Immutable audit trail for all write operations with IP, user agent, and change diffs.

SHA-256 hashed key storage. Keys shown once at creation. Rotation without downtime.

Centralized logging, monitoring, and alerting. Structured error tracking with request correlation.