Access is role scoped
Provider, customer, authority, specialist, and admin workflows use separate server-side authorization paths. User interface state is not treated as the permission boundary.
Trust center
Security posture
Guspora is built for operational records that need clear ownership, reviewable actions, and scoped access. This page summarizes current security practices without representing an audit, certification, or legal commitment.
Records are account scoped
Operational records are filtered by authenticated account, tenant, customer, property, or jurisdiction context before they are returned by protected APIs.
Operational actions are audited
Important writes capture actor, resource, action, timestamp, and metadata so customer-facing and internal changes can be reviewed later.
Sensitive workflows use review gates
High-impact automated work is routed through approval and policy checks before execution where the product requires human review.
Evidence is treated as source material
Inspection photos, signatures, answers, timestamps, and report artifacts are handled as operational evidence rather than marketing content.
Production access is limited
Production access is intended for authorized operators and support activity, with privileged work handled through controlled operational paths.
Current posture notes
- Security review is ongoing as product surfaces and customer workflows expand.
- Customer data access is designed around server-side checks, not hidden navigation.
- Public trust pages should describe current controls and avoid unsupported assurance claims.
- Questions about security review can be sent to security@guspora.com.