Security & compliance
HydraScale touches your orders, your ad spend, your customer email, and sometimes your invoices. Here's how we keep it safe.
Encryption
TLS 1.2+ in transit. AES-256 at rest for the primary database and object storage. Secrets stored encrypted with a separately-managed key.
Authentication
Email/password with bcrypt-hashed credentials, plus OAuth via Google. Session cookies are httpOnly and sameSite=lax. The OAuth `state` parameter is HMAC-signed and carries a 10-minute TTL, so a callback that arrives with a forged, tampered, or stale state is rejected; this prevents login CSRF on the third-party round-trip.
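The signed-state mechanism described above, as an added example (this is not HydraScale's code). It assumes a server-side signing key and, as an extra measure the page does not mention, binds the state to the caller's session id so a state minted in one browser session cannot complete the login in another; the payload layout and function names are illustrative.

```typescript
// Added example, not HydraScale's code: an HMAC-signed OAuth `state` with a
// 10-minute TTL. Assumptions: a server-side signing key, and binding the state
// to the caller's session id so a state minted for one browser session cannot
// complete the login in another.
import { createHmac, randomBytes, timingSafeEqual } from "crypto";

const STATE_TTL_MS = 10 * 60 * 1000; // 10 minutes, as stated on the page

interface StatePayload {
  nonce: string; // random per login attempt, so every state is unique
  sid: string;   // session id the state is bound to (assumed design)
  iat: number;   // issued-at, Unix milliseconds
}

function sign(secret: Buffer, data: string): string {
  return createHmac("sha256", secret).update(data).digest("hex");
}

// Mint the state sent to Google in the authorization request.
function makeState(secret: Buffer, sessionId: string, now: number = Date.now()): string {
  const payload: StatePayload = {
    nonce: randomBytes(16).toString("hex"),
    sid: sessionId,
    iat: now,
  };
  const body = Buffer.from(JSON.stringify(payload), "utf8").toString("hex");
  return `${body}.${sign(secret, body)}`;
}

// Decode the payload half of a state; null if it is not the expected shape.
function parsePayload(bodyHex: string): StatePayload | null {
  try {
    const obj = JSON.parse(Buffer.from(bodyHex, "hex").toString("utf8"));
    if (typeof obj?.nonce === "string" && typeof obj?.sid === "string" && typeof obj?.iat === "number") {
      return obj as StatePayload;
    }
  } catch (_err) {
    // fall through: malformed body
  }
  return null;
}

// Verify the state echoed back on the callback. True only if the MAC matches,
// the state belongs to this session, and it is within the TTL. The MAC is
// checked before the body is parsed, so untrusted input never reaches JSON.parse.
function verifyState(secret: Buffer, state: string, sessionId: string, now: number = Date.now()): boolean {
  const parts = state.split(".");
  if (parts.length !== 2) return false;
  const [body, mac] = parts;
  const expected = sign(secret, body);
  const macBuf = Buffer.from(mac, "utf8");
  const expBuf = Buffer.from(expected, "utf8");
  // timingSafeEqual throws on length mismatch, so compare lengths first
  if (macBuf.length !== expBuf.length || !timingSafeEqual(macBuf, expBuf)) return false;
  const payload = parsePayload(body);
  if (!payload) return false;
  if (payload.sid !== sessionId) return false;
  // reject states dated in the future or older than the TTL
  if (now < payload.iat || now - payload.iat > STATE_TTL_MS) return false;
  return true;
}
```

A signed state is stateless, which is what makes the TTL necessary: within the window a captured state can be presented again. If single use is also wanted, record each nonce server-side when the callback succeeds and reject a repeat; that is beyond what the page describes.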
Tenant isolation
Every API route is gated by `guard()`, which returns a tenant-scoped Prisma where-clause. A static audit script (`audit:isolation`) runs before each release and fails CI on any query that does not carry that scope.
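One way to build the pattern described above, as an added example that is not HydraScale's code: a `guard()` that yields the tenant filter, a merge helper that refuses a filter already naming a different tenant, and a regex-based static audit in the spirit of `audit:isolation` run over two constructed routes. The tenant column name (`orgId`), the request-context shape, the helper names and the sample routes are all assumptions for illustration.

```typescript
// Added example, not HydraScale's code. Models a `guard()` that yields a
// tenant-scoped where-clause, a merge helper that refuses client-supplied
// tenant keys, and a small static audit in the spirit of `audit:isolation`.
// The tenant column (`orgId`), request shape and helper names are assumptions.

interface RequestContext {
  user?: { id: string; orgId: string };
}

// guard(): the only sanctioned source of the tenant filter for a route.
function guard(ctx: RequestContext): { orgId: string } {
  if (!ctx.user) throw new Error("unauthenticated");
  return { orgId: ctx.user.orgId };
}

// scopedWhere(): merge a route's own filter with the tenant filter. A filter
// that already names a different orgId (e.g. copied from a request body) is an
// attempted cross-tenant read, so it is rejected rather than silently overridden.
function scopedWhere<T extends Record<string, unknown>>(ctx: RequestContext, where: T): T & { orgId: string } {
  const tenant = guard(ctx);
  if (where.orgId !== undefined && where.orgId !== tenant.orgId) {
    throw new Error("cross-tenant filter rejected");
  }
  return { ...where, ...tenant };
}

// Static audit: every Prisma call that takes a where-clause must build it via
// scopedWhere() or by spreading guard(). Regex-based, so it is a release gate
// rather than a proof, but it catches the common slip of a hand-written filter.
const PRISMA_CALL = /prisma\.(\w+)\.(findMany|findFirst|findUnique|updateMany|deleteMany|count|aggregate)\s*\(/g;

function auditIsolation(source: string, file = "<inline>"): string[] {
  const findings: string[] = [];
  const re = new RegExp(PRISMA_CALL.source, "g"); // fresh lastIndex per file
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) {
    const args = callArguments(source, m.index + m[0].length);
    if (!/scopedWhere\s*\(|\.\.\.\s*guard\s*\(/.test(args)) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push(`${file}:${line} prisma.${m[1]}.${m[2]} has no tenant scope`);
    }
  }
  return findings;
}

// Text of a call's argument list, from just after '(' to its matching ')'.
function callArguments(src: string, from: number): string {
  let depth = 1;
  for (let i = from; i < src.length; i++) {
    if (src[i] === "(") depth++;
    else if (src[i] === ")" && --depth === 0) return src.slice(from, i);
  }
  return src.slice(from);
}

// Constructed sample routes for the audit (not real HydraScale source).
const SCOPED_ROUTE = `
export async function listOrders(ctx, req) {
  return prisma.order.findMany({ where: scopedWhere(ctx, { status: req.status }) });
}`;

const UNSCOPED_ROUTE = `
export async function listOrders(ctx, req) {
  return prisma.order.findMany({ where: { status: req.status } });
}`;
```

Running `auditIsolation(UNSCOPED_ROUTE, "orders.ts")` reports `orders.ts:3 prisma.order.findMany has no tenant scope`, while the scoped route produces no findings. A text-level check like this is cheap and deterministic in CI, but it only recognises the helpers by name; a query built through any other path still needs the merge helper's runtime rejection as the backstop.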
Data minimisation
Only the data needed for a feature is synced. Gmail message bodies are processed in-memory and never persisted beyond annotations + metadata; Google Drive access is folder-scoped.
Reliability
Synthetic heartbeats every 30 minutes; sync-run health surfaced in the product. 99.9% uptime target. Public incident reporting at the status page.
Compliance posture
GDPR & CCPA workflows built in. Standard Contractual Clauses and a signable DPA on request. Audit logs retained 12 months.
Compliance disclosure
HydraScale's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We do not sell Google user data to third parties.
We do not use Google user data for advertising, and we do not allow humans to read your Google user data except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
Google Ads (adwords + userinfo.email + userinfo.profile)
Why: Read daily spend, impressions, clicks, conversions per ad account so the dashboard can show real margin and ROAS. userinfo lets us display 'Connected as ...' on the integration card so you can confirm the right Google account was linked.
What we keep: Daily aggregates only — no creative content, no audience PII. Email + display name shown on the integration card only.
Sign in with Google (openid + email + profile)
Why: Lets you create an account or sign in with one click. We receive only your Google account email, display name, and profile picture URL.
What we keep: Email + name attached to your user record so you can sign back in. We do not store profile picture URLs.
Encrypted in transit + at rest
All Google data is fetched over TLS and stored encrypted at rest in our database.
Strict tenant isolation
Your Google data is only readable by users in your organisation. Cross-tenant access is blocked at the database layer and audited.
Revoke any time
Disconnect a Google integration in Settings → Integrations, or revoke at myaccount.google.com/permissions.
No advertising use
Google user data is never used to personalise, target, or measure advertising.
Questions about our Google API usage? Email privacy@hydrascale.io.
Your controls
Every integration is revocable in one click. Every mutation is logged. Every export is yours.
Revoke any integration in one click
From Settings → Integrations, or directly at the provider (Google permissions, Shopify admin, Meta Business Tools).
One-click exports
Orders, shipments, ad spend, customers and inventory all exportable to CSV from inside the product.
Role-based access
Owner, admin, member and viewer roles. Read-only roles can't mutate data.
Full audit trail
Every change to your workspace records who, what, when. Available to org owners on request.
Account deletion within 30 days
Production data is purged within 30 days; backups roll off within 90 days. See the Data Deletion Instructions.
Vendors
The vendors we rely on to operate. All are bound by data-processing agreements and may only use your data on our behalf. We'll notify you in advance if we add a new subprocessor that processes personal data.
| Service | Purpose | Region |
|---|---|---|
| Cloud hosting | Compute, database, object storage | EU / US (configurable) |
| Transactional email | Receipts, security alerts, password resets | Provider regions |
| AI provider (Anthropic) | Anomaly explanations, support-email triage — no model training on your data | Provider regions |
| Payment processor | Card processing — we never see card numbers | Global (PCI-DSS Level 1) |
| Error monitoring | Anonymised stack traces for production issues | EU/US |
Responsible disclosure
We welcome responsible disclosure. Email security@hydrascale.io with steps to reproduce. We'll acknowledge within 24 hours, work on a fix, and credit you in our security notes if you'd like.
Please don't test on production tenants other than your own, and don't exfiltrate data beyond what's needed to demonstrate the issue.