Branova Projects Home

Security Policy

How we protect your workspace.

Last updated: 6 July 2026

Security is built into Branova Projects from the ground up.

1. Data isolation

Strict multi-tenancy — every query is scoped by organization (org_id), so tenants can never read each other's data.

2. Authentication

3. Transport & headers

All traffic is served over HTTPS. We send X-Content-Type-Options, X-Frame-Options and Referrer-Policy headers, and enforce a same-origin (CSRF) guard on all state-changing requests.

4. Payments

Card data is processed entirely by Razorpay (PCI-DSS compliant). Webhooks are verified by HMAC signature.

5. Access control

Role-based permissions (Owner, Administrator, Manager, Member, Viewer, Guest) govern every action, and an audit log records changes.

6. Reporting a vulnerability

Found an issue? Email projects@branova.in with details. We appreciate responsible disclosure and will respond promptly.