Security built for regulated fireworks commerce.

Tenant data is isolated with PostgreSQL Row-Level Security. Tenant tables force RLS, policies filter by the active tenant setting, and cross-tenant integration tests run in CI. See TENANT_SCOPING.md for the scoping model.

Traffic terminates through Caddy with automatic TLS, including on-demand TLS for verified tenant custom domains. Hosted PostgreSQL storage and DigitalOcean disks provide encryption at rest.

Staff authentication uses WorkOS AuthKit. Storefront customers use magic-link authentication, and OAuth callbacks preserve tenant context across login and tenant switches.

ValorPay Passage.JS tokenizes card data directly in the browser. PyroApex receives a payment token rather than raw card numbers, minimizing PCI DSS exposure.

Per-tenant snapshot capture, self-serve restore, and row-level version history are in the 2026 roadmap. The pages will be updated with retention and recovery details after Cory verifies the final policy.

Changeset review, price-list reassignment audit events, and database ownership guards are being built into operational workflows so sensitive changes leave reviewable evidence.

PyroApex does not claim SOC 2 certification today. The team is evaluating the Type II audit path for 2026 and will update this page when audit status changes.

Security reports can be sent to security@pyroapex.pro. Please include affected URL, reproduction steps, impact, and contact information for follow-up.