Security

Mahon CRM security

Mahon CRM is designed around authenticated access, tenant-scoped CRM data, Supabase row level security, and server-side controls for billing, integrations, automation, and AI endpoints.

Controls

  • Authenticated app routes and organization-scoped records.
  • Server-side validation for CRM, billing, integrations, and AI workflows.
  • Rate limits on high-cost and automation endpoints.
  • Stripe webhook signature verification for billing events.
  • Operational logs for failed provider calls without exposing sensitive details to users.

Responsible disclosure

Report suspected vulnerabilities to security@silverowl.dev. Include the affected URL, reproduction steps, expected impact, and any relevant logs or screenshots.
