Security at Capto

Capto handles sensitive customer relationships, communications, and integration credentials. Security isn't a feature — it's the foundation. Here's how we protect your data.

Data Encryption

All traffic to and from Capto is encrypted in transit with TLS 1.2+. Data at rest in our managed database and storage layer is encrypted with AES-256.

Access Controls

Every table is protected by row-level security (RLS). A user can only read or modify rows that belong to their account or to a workspace they're a member of. Workspace roles (owner, admin, member) gate sensitive actions like adding integrations or inviting teammates.

Secrets & Integration Credentials

Twilio auth tokens and Google OAuth tokens are never readable from the browser. Reads and writes happen only inside authenticated server functions using a privileged service role. Even authorized teammates cannot exfiltrate these tokens through the app.

Every Twilio configuration change (add, remove, set default) is recorded in an immutable audit log with timestamp and acting user, viewable in Settings → Integrations.

Authentication

Sign-in supports email/password and Google. Passwords are checked against the Have I Been Pwned database — known-breached passwords are rejected at signup and password change. Sessions use short-lived JWTs with secure refresh.

Data Isolation

Workspace data is scoped by business_id and enforced at the database layer. Demo accounts run in their own isolated workspace with seeded data — new signups never inherit demo content.
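The workspace scoping described under Access Controls and Data Isolation, as an added example that is not Capto's own schema or code: one way to express per-workspace reads, role-gated writes, and server-only secrets with Postgres row-level security. It assumes Postgres, the table and column names shown, and an auth_user_id() function that returns the authenticated caller's id.

```sql
-- Constructed example, not Capto's schema. Postgres row-level security
-- scoped by business_id with role-gated writes. Table/column names and
-- auth_user_id() (assumed to return the caller's user id) are assumptions.
create table workspace_members (
  business_id uuid not null,
  user_id     uuid not null,
  role        text not null check (role in ('owner', 'admin', 'member')),
  primary key (business_id, user_id)
);

create table integrations (
  id          uuid primary key default gen_random_uuid(),
  business_id uuid not null,
  provider    text not null
);

-- Secrets live in their own table with RLS enabled and no policies at all,
-- so only a role with BYPASSRLS (the server-side service role) can read or
-- write them; browser-facing roles get zero rows regardless of membership.
create table integration_secrets (
  integration_id uuid primary key references integrations(id) on delete cascade,
  auth_token     text not null
);
alter table integration_secrets enable row level security;
alter table integration_secrets force row level security;

alter table integrations enable row level security;
alter table integrations force row level security;  -- applies to the owner too

-- The caller's role in a workspace, or NULL when they are not a member.
create function member_role(p_business_id uuid) returns text
language sql stable security definer as $$
  select role from workspace_members
  where business_id = p_business_id and user_id = auth_user_id();
$$;

-- Any member can list the workspace's integrations (never the tokens).
create policy integrations_select on integrations for select
  using (member_role(business_id) is not null);

-- Only owners and admins may add one; WITH CHECK also rejects an insert
-- that names some other workspace's business_id (NULL role evaluates false).
create policy integrations_insert on integrations for insert
  with check (member_role(business_id) in ('owner', 'admin'));

create policy integrations_delete on integrations for delete
  using (member_role(business_id) in ('owner', 'admin'));
```

A quick check for the "no policies means no rows" property is to connect as a non-BYPASSRLS role and confirm that `select * from integration_secrets` returns nothing even for a workspace owner.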

Monitoring & Auditing

We log application errors, integration changes, and authentication events. Automated security scans run against the database to catch misconfigured access policies before they reach production.

Reporting a Vulnerability

If you've discovered a security issue, please report it privately to security@usecapto.com. We'll acknowledge your report within 2 business days and keep you updated through resolution. Please don't publicly disclose until we've had a chance to investigate and patch.

Questions

For general security or compliance questions, see our Privacy Policy and Terms of Service, or reach out via the contact page.