Security you can verify
This page is maintained by CISA.one to answer common security and privacy questions about the CISA.one platform. It describes the controls currently in place and how responsibilities are shared between our team, our hosting platform, and you.
Controls in place
Authentication
Accounts are protected by email and password login and by Google sign-in. Sessions are token-based, and passwords are never stored in plain text.
Access Control
Every record is protected by row-level security policies. Users can only access data tied to their own account, and elevated actions are gated by server-side role checks.
Data Protection
Client portal and engagement data is scoped to the authenticated user's identity. Sensitive operations run through server-validated logic rather than client-side trust.
Platform & Hosting
The application is built on Lovable Cloud, which provides managed authentication, a managed database, and encrypted data storage on trusted infrastructure.
Privacy Requests
You can request access to, correction of, or deletion of the personal information you have provided by contacting us.
Retention & Deletion
We retain account and engagement data for as long as your relationship with us is active, and remove it on verified request where we are not required to keep it.
Shared responsibility
Our hosting platform secures the underlying infrastructure, managed database, and authentication services. CISA.one is responsible for application access rules, data handling, and how your information is used. You are responsible for keeping your login credentials confidential and using a strong, unique password.
This page describes app-owned practices and platform capabilities. It is not a certification or an independent audit.
Report a concern
If you believe you have found a security vulnerability or have a privacy question, we want to hear from you. Please reach out and our team will respond as quickly as possible.
