Security
OpenBoxes Lift is built with security at every layer. From data isolation to encryption to infrastructure hardening, we take a defense-in-depth approach to protecting your supply chain data.
Data Isolation
Every Lift tenant's data is isolated from all other tenants. The level of isolation depends on your plan.
Shared Tier
On the Shared tier, your data lives in its own dedicated database schema. This means:
- Your tables and data are completely separate from other tenants
- No tenant can query or access another tenant's schema
- Database-level access controls enforce schema boundaries
- Shared infrastructure (database server) keeps costs low while maintaining strict separation
Dedicated Tier
[Dedicated]
On the Dedicated tier, your data lives on a dedicated database instance:
- Your own database server, not shared with anyone
- Full performance isolation --- other tenants cannot affect your query performance
- Independent backup and recovery
- Configurable maintenance windows
Enterprise Tier
[Enterprise]
On the Enterprise tier, your entire application runs on a dedicated cluster:
- Separate Kubernetes namespace with network-level isolation
- Dedicated compute resources (CPU, memory)
- Dedicated database cluster with replication
- No shared infrastructure with other tenants
Encryption
In Transit
All data transmitted to and from Lift is encrypted using TLS 1.2 or higher:
- Portal (app.openboxes.cloud) --- HTTPS enforced
- OpenBoxes instances (*.openboxes.cloud) --- HTTPS enforced
- Authentication (auth.openboxes.cloud) --- HTTPS enforced
- API traffic between services --- mTLS within the cluster
HTTP requests are automatically redirected to HTTPS. There is no way to access Lift over an unencrypted connection.
At Rest
All stored data is encrypted at rest:
| Data Type | Encryption |
|---|---|
| Database storage | AES-256 (Google Cloud managed keys) |
| Backups | AES-256 (Google Cloud managed keys) |
| File uploads | AES-256 (Google Cloud managed keys) |
| Secrets and credentials | Encrypted Kubernetes Secrets |
[Enterprise] Enterprise accounts can use customer-managed encryption keys (CMEK) for additional control over their encryption.
Access Controls
Authentication
All access to Lift is authenticated through Keycloak, our identity management system:
- Passwords are hashed using industry-standard algorithms (bcrypt)
- Multi-factor authentication (MFA) is available on all plans
- Account lockout after repeated failed login attempts
- Session tokens expire after inactivity
See Single Sign-On for details on authentication options by tier.
Role-Based Access
The Lift portal uses role-based access control (RBAC) with three roles:
| Role | Capabilities |
|---|---|
| Admin | Full access to all portal features including billing and settings |
| Manager | User management, no billing or security settings |
| Browser | View-only portal access, can launch OpenBoxes |
These roles govern portal access. OpenBoxes itself has its own role system for controlling access to supply chain features.
IP Allowlisting
[Enterprise]
Enterprise accounts can restrict access to their Lift portal and OpenBoxes instance by IP address:
- Go to Settings > Security > IP Allowlist
- Add trusted IP addresses or CIDR ranges
- Click Save
When enabled, requests from non-allowlisted IPs are blocked at the network level. This is useful for organizations that require access only from corporate networks or VPNs.
Audit Logs
[Enterprise]
Enterprise accounts have access to comprehensive audit logging that tracks all significant actions across the platform:
What Is Logged
| Category | Events |
|---|---|
| Authentication | Login, logout, failed attempts, MFA events, password changes |
| User management | User invited, role changed, user removed |
| Instance | Instance started, stopped, restarted |
| Billing | Plan changed, payment method updated |
| Settings | SSO configured, IP allowlist modified, security settings changed |
| Data access | OpenBoxes API calls (summary, not payload) |
Accessing Audit Logs
- Go to Settings > Audit Logs in the portal
- Filter by date range, event type, or user
- Export logs as CSV or JSON for integration with your SIEM
Audit logs are retained for 1 year and cannot be modified or deleted.
Infrastructure Security
Lift runs on Google Cloud Platform (GCP) with the following security measures:
Google Kubernetes Engine (GKE)
- Private cluster --- Worker nodes have no public IP addresses
- Network policies --- Pod-to-pod communication restricted to necessary paths only
- Automatic node updates --- Security patches applied automatically
- Container scanning --- Images scanned for known vulnerabilities before deployment
- Namespace isolation --- Each service runs in its own namespace with RBAC
Network Security
- Cloud Armor --- DDoS protection and WAF rules at the edge
- Ingress controllers --- All external traffic routed through hardened nginx ingress
- Internal service mesh --- Services communicate over internal cluster networking only
- Secrets management --- Credentials stored in encrypted Kubernetes Secrets, never in code or config files
Operational Security
- Automated deployments --- All changes go through CI/CD pipelines with automated testing
- Infrastructure as code --- All infrastructure is defined in Terraform and Helm, version-controlled and auditable
- Least privilege --- Service accounts have minimum necessary permissions
- Dependency scanning --- Automated checks for known vulnerabilities in dependencies
Compliance
Current Certifications
Lift runs on Google Cloud Platform, which maintains the following certifications:
- SOC 1, SOC 2, SOC 3
- ISO 27001, ISO 27017, ISO 27018
- HIPAA (with BAA)
- PCI DSS
Lift Platform Compliance
We are actively working toward platform-level compliance:
| Standard | Status |
|---|---|
| SOC 2 Type II | In progress --- target completion Q3 2026 |
| HIPAA | Planned --- available for Enterprise accounts |
| GDPR | Compliant --- data processing agreements available |
[Enterprise] Enterprise accounts can request a detailed security questionnaire, penetration test results, and data processing agreements. Contact security@openboxes.cloud.
Incident Response
In the event of a security incident:
- Our monitoring systems detect and alert the on-call team
- The incident is triaged and contained
- Affected customers are notified within 72 hours (or sooner as required by applicable regulations)
- A post-incident report is provided to affected accounts
Reporting Vulnerabilities
If you discover a security vulnerability in Lift, please report it responsibly to security@openboxes.cloud. We take all reports seriously and will respond within 48 hours.
Questions
For security-related questions or to request documentation for your procurement process, contact us at security@openboxes.cloud.