GBOS
Book a demo

Trust Center

Security & Trust

GBOS is built to help teams ship production software with governance. Our security program is designed around practical controls: least privilege, encryption, monitoring, and audited processes.

Last updated: February 9, 2026Contact: security@gbos.io

Security at a glance

Encryption

Data is encrypted in transit and at rest where supported by underlying infrastructure.

Access controls

Role-based access and least privilege are used for internal and customer access.

Monitoring

Logging and alerting support suspicious activity detection and operational visibility.

Backups & recovery

Regular backups and recovery procedures are maintained.

Secure development

Reviews, testing gates, and change management are built into delivery.

Incident response

Documented response workflows include triage, remediation, and communication.

We only claim certifications when independently audited and issued.

Our security philosophy

GBOS is designed for a world where software is built faster without sacrificing control.

  • Prevent: secure defaults, encryption, least privilege.
  • Detect: monitoring, logs, and anomaly signals.
  • Respond: incident playbooks and containment workflows.
  • Improve: risk reviews and continuous hardening.

Governance & access control

Account security

  • Secure authentication flows.
  • Session controls and suspicious-login detection where applicable.
  • Admin management tools where enabled.

Authorization & permissions

  • Role-based permissions restrict actions and data visibility.
  • Separation of concerns between builders, reviewers, and viewers.
  • Audit-friendly change tracking where enabled.

Data protection

Encryption

  • In transit: HTTPS/TLS for data between users and GBOS.
  • At rest: encryption on stored data across platform and infrastructure layers.

Data isolation (multi-tenant safety)

Tenant-aware access patterns and controls are designed to prevent cross-tenant data exposure.

Data retention

Data is retained according to account settings, contractual requirements, and legal obligations. See Privacy Policy for details.

Secure development lifecycle

GBOS uses a governed workflow: requirements -> blueprint -> build -> test -> deploy.

  • Code reviews and approval gates.
  • Automated checks such as linting and dependency scanning where configured.
  • QA/test gating aligned to release readiness.
  • Documented deployment processes.

Monitoring, logging & incident response

Monitoring & logs

Logs are maintained to support security investigations, performance analysis, and reliability operations.

Incident response

  • Detection and triage.
  • Containment and remediation.
  • Customer communication as appropriate.
  • Post-incident review and control improvements.

Vulnerability disclosure

If you believe you have found a security issue, email security@gbos.io with reproduction steps.

  • Do not access data that is not yours.
  • Do not disrupt service availability.
  • We acknowledge submissions and coordinate remediation.

Compliance & audits

We are building controls aligned with common SaaS security frameworks and may pursue third-party audits such as SOC 2 as we scale.

Security FAQ

Do you have SOC 2?

Not yet. We are aligning our controls and roadmap with common audit frameworks.

Where is data stored?

Current regions include US (Dallas), Ireland, Dubai, and Mumbai.

How do I report a vulnerability?

Email security@gbos.io with clear reproduction steps.

Do you support SSO?

SSO support is available for enterprise-focused deployments based on plan and environment.