🔒 Security & Trust

Built for regulated environments.

TicketZero handles sensitive IT operations — password resets, account unlocks, access changes — for firms where a breach is a compliance event, not just an outage. Here's exactly how the system is built.

Honest posture note. TicketZero is an early-stage product. We don't hold SOC 2, HIPAA BAA, or FedRAMP certifications today; we are pursuing formal audits as the customer base scales. What we can show is the architecture: encryption at rest, strict tenant isolation, minimal OAuth scoping, and full audit trails. The foundation is sound.
🏢

Multi-Tenant Isolation

Every customer is a separate tenant. Data segregation is enforced at the database query layer — every query is scoped by tenant_id. There is no shared data pool between organizations.

  • Row-level tenant scoping on all queries — cross-tenant reads are structurally impossible
  • Google Workspace credentials are stored per-tenant in isolated records — never pooled
  • Ticket data, user data, and audit logs are all tenant-partitioned
  • No multi-tenant joins or shared caches that could surface one customer's data to another
🔑

OAuth Token Storage & Encryption

Google Workspace OAuth tokens are never stored in plaintext. Encryption uses AES-256-GCM with per-record IVs.

  • Tokens encrypted at rest using AES-256-GCM before database write
  • Encryption key stored as a server-side environment variable — never in the database
  • Unique IV generated per token record — no two ciphertexts are identical even for identical inputs
  • Tokens are decrypted only at the moment of an API call — not cached in memory
  • Revocation: deleting a service connection immediately destroys the stored token — no orphaned credentials
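
The storage scheme in the list above, sketched as an added example (not TicketZero's code): AES-256-GCM with a fresh IV per record and the key read from an environment variable. The variable name TOKEN_ENC_KEY, the record fields, and the binding of the tenant ID as additional authenticated data are assumptions of this example, not details stated on this page.

```javascript
// Added illustration, not TicketZero's code. TOKEN_ENC_KEY, the record layout
// { iv, tag, ct } and the tenant-ID AAD binding are assumptions of this example.
const crypto = require('crypto');

// Read the 32-byte AES-256 key (base64) from the environment; fail closed if absent.
function loadKey(env = process.env) {
  const key = Buffer.from(env.TOKEN_ENC_KEY || '', 'base64');
  if (key.length !== 32) throw new Error('TOKEN_ENC_KEY must decode to 32 bytes');
  return key;
}

// Encrypt one token before the database write. A fresh 96-bit IV per record
// makes identical tokens produce different ciphertexts.
function sealToken(key, tenantId, token) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenantId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt at the moment of use. Throws if the key, IV, ciphertext, tag or
// tenant binding does not match, so a tampered or misfiled record is rejected.
function openToken(key, tenantId, rec) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key,
    Buffer.from(rec.iv, 'base64'), { authTagLength: 16 });
  decipher.setAAD(Buffer.from(tenantId, 'utf8'));
  decipher.setAuthTag(Buffer.from(rec.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(rec.ct, 'base64')),
                            decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample key and token, generated here so the example runs offline.
const sampleEnv = { TOKEN_ENC_KEY: crypto.randomBytes(32).toString('base64') };
const key = loadKey(sampleEnv);
const a = sealToken(key, 'tenant-a', 'constructed-sample-refresh-token');
const b = sealToken(key, 'tenant-a', 'constructed-sample-refresh-token');
console.log('ciphertexts differ:', a.ct !== b.ct);
console.log('round trip:', openToken(key, 'tenant-a', a));
try { openToken(key, 'tenant-b', a); } catch (e) { console.log('other tenant: rejected'); }
```
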
🎯

Least-Privilege OAuth Scoping

TicketZero requests the minimum Google Admin SDK scopes required to do its job. No broad directory access, no Drive, no Gmail. The OAuth consent screen shows exactly what's requested.

  • admin.directory.user: Read user accounts to verify identity during ticket triage. No write access granted through this scope.
  • admin.directory.user.security: Trigger password resets and force re-authentication. Scoped to security operations only — does not permit account creation, deletion, or role changes.

TicketZero does not request access to Gmail, Drive, Calendar, Groups, Org Units, billing, or domain settings. If a future feature requires additional scopes, we will disclose them explicitly before any customer is asked to re-authorize.

📋

Audit Logging

Every automated action TicketZero takes against your Google Workspace is recorded with a full, immutable audit trail.

  • Timestamp, action type, affected user, and resolution outcome logged per event
  • Ticket lifecycle: created → triaged → resolved (or escalated) — each state transition recorded
  • AI classification rationale stored alongside the action — reviewable post-hoc
  • Compliance teams can pull full action history via the Dashboard
  • Logs are append-only — no overwrite on re-resolution
🔄

Forced Password Change by Default

When TicketZero resets a user's Google password, it always sets the change-on-next-login flag. This cannot be turned off; it's a security default baked into the resolution flow.

  • Temporary password is valid for a single login only
  • User must set their own password before the session is usable
  • Eliminates the risk of a shared or logged temporary credential persisting
  • Matches NIST 800-63B guidance on temporary credential handling
⚖️

Compliance Relevance

We serve firms in regulated verticals. Here's an honest assessment of where we stand relative to common compliance frameworks.

| Framework | Relevance to TicketZero | Current Status |
|---|---|---|
| GLBA | Applies to CPA and financial advisory firms. Requires safeguards on systems that access client financial data. TicketZero manages IT access controls (passwords, accounts) — these are GLBA-relevant systems. Encryption at rest, access logging, and least-privilege scoping are designed to support GLBA Safeguards Rule compliance. | Architecture sound |
| SOX | Applies to public companies and their auditors. IT access controls and change logs are in scope for SOX IT General Controls. TicketZero's audit trail supports evidence collection for access control reviews. | Audit trail in place |
| HIPAA | Applies to covered entities and business associates. TicketZero processes employee IT requests, not patient data — and does not act as a BAA-covered entity in the standard deployment. Firms in this space should consult counsel on TicketZero's role in their BAA chain. | BAA on roadmap |
| SOC 2 | Trust service criteria covering security, availability, and confidentiality. Encryption, access controls, logging, and incident response processes described here are aligned with SOC 2 Security criteria. Formal audit has not been initiated. | Audit planned |
🗂️

Data Retention & Deletion

We don't keep your data after the relationship ends.

  • Ticket records retained while your account is active for audit and support purposes
  • On cancellation: Google OAuth tokens are revoked and deleted immediately
  • Ticket history and user data are purged within 30 days of account closure
  • No data sold, licensed, or used for model training — it belongs to your organization
  • Deletion requests honored within 5 business days on written request
🚨

Incident Response

If we detect or are notified of a security event affecting your tenant, here's the process:

  • Token compromise: Immediately revoke affected OAuth credentials in Google. Reset connection. Notify the account admin within 24 hours.
  • Data breach: Isolate affected tenant data. Notify impacted customers within 72 hours. Provide an incident report with scope and remediation steps.
  • Service outage: Status updates via dashboard. Estimated resolution communicated within 2 hours of confirmed incident.
  • Security disclosures: security@ticketzero100.polsia.app

Questions before you sign on?

Compliance teams are welcome to request a security review call. We'll walk through the architecture, answer questions, and share our current controls documentation.