Mahon CRM security
Mahon CRM is designed around authenticated access, tenant-scoped CRM data, Supabase Row Level Security, and server-side controls for billing, integrations, automation, and AI endpoints.
Controls
- Authenticated app routes and organization-scoped records.
- Server-side validation for CRM, billing, integrations, and AI workflows.
- Rate limits on high-cost and automation endpoints.
- Stripe webhook signature verification for billing events.
- Operational logs for failed provider calls without exposing sensitive details to users.
Responsible disclosure
Report suspected vulnerabilities to security@silverowl.dev. Include the affected URL, reproduction steps, expected impact, and any relevant logs or screenshots.