Team Admin
Security
How autoGMS protects your data.
Security
Data Encryption
- At rest — All data is stored in Neon PostgreSQL with encryption at rest enabled by default.
- In transit — All connections use TLS/HTTPS.
- Secrets — Integration OAuth tokens and API keys are encrypted with AES-256-GCM before storage. Encryption keys are managed separately from the database.
Authentication
autoGMS uses BetterAuth for authentication, supporting:
- Email and password sign-in.
- Session-based authentication with secure, HTTP-only cookies.
- Sessions expire after inactivity and can be revoked from Team settings.
Authorization
Access control is enforced at multiple levels:
- Team membership — Users can only access Teams they belong to.
- Garage membership — Garage-scoped roles (Receptionist, Technician) restrict access to assigned Garages.
- Role permissions — Each role has a defined set of allowed actions (see Team Roles).
- Feature gating — Plan-based feature flags control access to premium features.
Audit Logging
Administrative actions are recorded in an audit log, including:
- Member invitations and removals.
- Role changes.
- Garage creation and archival.
- Integration connections and disconnections.
Team Owners can review the audit log in Team settings.
Responsible Disclosure
If you discover a security vulnerability, please contact us at security@autogms.com. We take all reports seriously and respond within 48 hours.