Docs
Team Admin

Security

How autoGMS protects your data.

Security

Data Encryption

  • At rest — All data is stored in Neon PostgreSQL with encryption at rest enabled by default.
  • In transit — All connections use TLS/HTTPS.
  • Secrets — Integration OAuth tokens and API keys are encrypted with AES-256-GCM before storage. Encryption keys are managed separately from the database.

Authentication

autoGMS uses BetterAuth for authentication, supporting:

  • Email and password sign-in.
  • Session-based authentication with secure, HTTP-only cookies.
  • Sessions expire after inactivity and can be revoked from Team settings.

Authorization

Access control is enforced at multiple levels:

  1. Team membership — Users can only access Teams they belong to.
  2. Garage membership — Garage-scoped roles (Receptionist, Technician) restrict access to assigned Garages.
  3. Role permissions — Each role has a defined set of allowed actions (see Team Roles).
  4. Feature gating — Plan-based feature flags control access to premium features.

Audit Logging

Administrative actions are recorded in an audit log, including:

  • Member invitations and removals.
  • Role changes.
  • Garage creation and archival.
  • Integration connections and disconnections.

Team Owners can review the audit log in Team settings.

Responsible Disclosure

If you discover a security vulnerability, please contact us at security@autogms.com. We take all reports seriously and respond within 48 hours.

On this page