Security

How we protect your data and the infrastructure that powers Portals.

At Geolize, security is foundational to everything we build. Portals handles your business operations data — projects, teams, clients, costs — and we take that responsibility seriously. This page describes how we protect your data and the infrastructure that powers the Services.

Data encryption

Your data is encrypted at every stage:

  • In transit: all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS on all connections.
  • At rest: all data stored in our databases and file storage is encrypted using AES-256 encryption.
  • Backups: database backups are encrypted and stored in geographically distributed locations.

Infrastructure security

Portals is built on Convex, a modern backend platform that provides enterprise-grade infrastructure security. Our infrastructure includes:

  • Hosting on SOC 2 Type II certified cloud providers
  • Automatic scaling and redundancy to ensure high availability
  • Network isolation and firewall protection
  • DDoS mitigation and protection
  • Continuous infrastructure monitoring and alerting
  • Regular security patching and updates

Access control

We implement multiple layers of access control to protect your data:

  • Role-based access control (RBAC): define granular permissions for team members, ensuring people only access what they need.
  • Secure authentication: industry-standard authentication with support for strong passwords and session management.
  • SSO and SAML: enterprise plans support Single Sign-On integration with your identity provider.
  • Audit logs: comprehensive logging of user actions for accountability and compliance.

Data isolation

Each organization's data is logically isolated within our systems. Your data is never accessible to other customers. We enforce strict data boundaries at the application and database level to ensure complete separation between organizations.

Application security

We follow security best practices throughout our development lifecycle:

  • Secure coding practices aligned with the OWASP Top 10
  • Code review requirements for all changes before deployment
  • Automated security scanning in our CI/CD pipeline
  • Dependency vulnerability monitoring and timely updates
  • Input validation and output encoding to prevent injection attacks
  • Content Security Policy (CSP) headers to prevent XSS attacks

Organizational security

Security is part of our company culture:

  • Security awareness training for all team members
  • Principle of least privilege for internal system access
  • Background checks for employees with access to production systems
  • Documented incident response procedures
  • Regular security reviews and assessments

Data privacy

We respect your data ownership and privacy:

  • Your data is yours: we never sell, share, or use your data for advertising purposes.
  • Data portability: you can export your data at any time in standard formats.
  • Data deletion: when you delete your account, your data is removed within 90 days.
  • GDPR compliance: we implement appropriate measures to comply with European data protection regulations.
  • Chilean data protection: we comply with Law No. 19.628 on the Protection of Private Life.

Business continuity

  • Automated daily backups with point-in-time recovery capability
  • Geographically distributed backup storage
  • Disaster recovery procedures and regular testing
  • Real-time system monitoring with automated alerting

Responsible disclosure

We value the security research community. If you discover a security vulnerability in Portals, we encourage you to report it responsibly. Please send details to security@geolize.io. We ask that you:

  • Allow reasonable time for us to investigate and address the issue before public disclosure
  • Avoid accessing or modifying other users' data
  • Act in good faith and do not exploit vulnerabilities beyond what is necessary to demonstrate them

We commit to acknowledging your report within 48 hours and providing regular updates on our progress toward resolution.

Questions

If you have security questions or concerns, or need additional information for your compliance requirements, contact us at:

Geolize SpA
Av. Italia 850, Providencia, Santiago, Chile
Email: security@geolize.io
Web: geolize.io