Authenticated access
Supabase Auth sessions, organization context and server-side RBAC guard sensitive workflows.
Trust Center
Built for cloud metadata, credentials and evidence that need careful handling.
TurboFinOps treats security as architecture: tenant isolation, encrypted credentials, guarded actions and audit trails are part of the core workflow.
Request Security ReviewTenant isolation
Every tenant data path is scoped to organizationId before resources, findings or actions are returned.
Encrypted credentials
Cloud credentials and AI keys are encrypted at rest, never logged, and never returned to the client.
Immutable audit trail
State-changing operations produce audit logs with actor, timestamp, action and result.
Architecture
Four layers, one trust model.
Controls are distributed across API, workers, data access and governance workflows so no single UI state is trusted as the source of authorization.
1
Control plane
Auth, RBAC, request validation, tenant context
2
Execution plane
BullMQ workers, state machines, credential scoping
3
Data layer
Prisma models, organization scoping, encrypted secrets
4
Governance layer
Rules, action guardrails, evidence artifacts
Processed
- Cloud resource metadata
- Findings and scores
- Action and audit history
- Integration configuration
Not processed
- Storage object contents
- Customer application logs
- Customer workload end-user records
- Network packet data
Responsible disclosure
Report vulnerabilities to security@turbofinops.com. Include reproduction steps, observed impact and any suggested mitigations.
Certification status
TurboFinOps is building toward formal third-party certifications. Enterprise teams can request current controls, architecture details and readiness documentation.
TurboFinOps
Start with one cloud scope. Prove savings fast.
Connect AWS, Azure, or GCP and get actionable findings, score trends, and auditable remediation paths in minutes.
Built for FinOps, governance and audit workflows