Your security data is sensitive. We built Garrizon with enterprise-grade security from day one — not bolted on as an afterthought.
All data is encrypted in transit via TLS 1.3. Data at rest is encrypted using AES-256 on Cloudflare's global network. Your credentials are hashed with PBKDF2-SHA256 — we never store plaintext passwords.
Every organization's data is strictly isolated at the database level. All queries are scoped by organization ID. There is no shared data space — one tenant can never access another's records.
Garrizon runs on Cloudflare Workers — a serverless edge network spanning 300+ cities in 100+ countries. No traditional servers to misconfigure, patch, or leave exposed. DDoS protection is built in.
Session-based authentication with secure, HTTP-only cookies. CSRF protection on all mutating endpoints. Rate limiting on login, signup, and public verification endpoints. OAuth 2.0 support for social login.
All uploaded evidence (photos, videos, documents) is SHA-256 hashed at upload time. Every access is audit-logged with user ID, timestamp, and IP. Tampering is cryptographically detectable.
Role-based access control with four levels: Admin, Supervisor, Manager, and Guard. Every sensitive action is logged. Evidence access generates audit entries. Sessions can be revoked instantly.
Data is stored on Cloudflare D1 with automatic replication. Backups are performed automatically. Your data never leaves Cloudflare's trusted infrastructure. We do not sell, share, or monetize customer data.
Automated patrol certificate generation with public verification links — insurers and auditors can verify without creating an account. Guard certification tracking with expiration alerts.
Code is reviewed before deployment. Dependencies are monitored for known vulnerabilities. We follow OWASP guidelines for web application security including protection against injection, XSS, and broken authentication.
We maintain an incident response plan for security events. If a breach is detected, affected customers are notified within 72 hours per GDPR requirements and applicable data protection laws.
Users can delete their account and all associated data at any time from their profile settings. Personal data is purged within 30 days. See our account deletion page for details.
If you discover a security vulnerability, please report it to security@garrizon.net. We take all reports seriously and will respond within 48 hours.
TLS 1.3: In transit
AES-256: At rest
PBKDF2: Passwords
SHA-256: Evidence
CSRF: Protected
RBAC: 4 role levels
300+: Edge locations
72hr: Breach notice
© 2026 Michael Ronge. All rights reserved.