
Systemi Security Whitepaper

Version 1.0 · March 2026 · getsystemi.com

1. Executive Summary

Systemi is an engineering analytics platform that helps software teams measure and improve delivery performance. We integrate with Jira, GitHub, and Slack to compute metrics such as cycle time, throughput, WIP, and engagement.

This document describes the security architecture, data handling practices, and compliance controls implemented throughout the platform. It is intended for enterprise security, compliance, and procurement teams evaluating Systemi for their organization.

2. Architecture Overview

Systemi is built on a modern, secure stack:

  • Frontend: Next.js (React) with server-side rendering, deployed on Vercel's edge network
  • API Layer: tRPC with end-to-end type safety and server-side session validation
  • Database: PostgreSQL with Prisma ORM, hosted on managed infrastructure with automated backups
  • Integrations: Read-only API connections to Jira, GitHub, and Slack

For enterprises requiring maximum data sovereignty, Systemi offers an on-premises deployment option via Docker, in which all data remains within the customer's network.

3. Authentication & Access Control

  • Session-Based Authentication: All API endpoints are protected by server-side session validation. Session identifiers are generated from a cryptographically secure random source and expire automatically.
  • Multi-Factor Authentication: TOTP-based MFA using standard authenticator apps. Backup codes are provided for account recovery.
  • Email Verification: Required before accessing sensitive features (integration configuration, data export).
  • Password Security: bcrypt hashing with an appropriate cost factor (currently 12). Passwords are never stored or logged in plain text.
  • Role-Based Access: Organization-level access control. Admin and member roles with different permission levels.

4. Data Protection

Encryption

  • TLS 1.2+ for all data in transit (browser-to-server and server-to-integration APIs)
  • AES-256-GCM application-level encryption at rest for all sensitive fields (API tokens, OAuth credentials, MFA secrets)
  • Integration credentials (API tokens, bot tokens, private keys) are encrypted before storage using a customer-managed encryption key
  • Passwords are hashed with bcrypt (cost factor 12); MFA backup codes are hashed before storage

Tenant Isolation

Each organization's data is logically isolated at the database level. All queries are scoped to the authenticated user's organization ID. There is no mechanism for cross-tenant data access. This isolation is enforced at the ORM layer (Prisma) with runtime organization ID binding on every query.
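The runtime organization-ID binding described above, as an added example (illustrative code, not Systemi's). An in-memory table stands in for PostgreSQL; in Prisma the same rule would live in a client query extension that rewrites the `where` clause for every model and operation. The session shape, the `TenantScopeError` class, and the sample rows are assumptions. The point it makes that the paragraph does not: the scope filter is merged after the caller's filter, and a caller that tries to rebind `organizationId` is rejected rather than silently overridden, which is how the classic "find by id" IDOR hole is closed.

```javascript
// Added example (not Systemi's code): enforce organization scoping in the data
// access layer so no call site can read another tenant's rows. The in-memory
// table stands in for PostgreSQL/Prisma; data and session shape are constructed.

// Constructed sample data: two organizations sharing one table.
const issues = [
  { id: 1, organizationId: "org_a", key: "PAY-12", status: "Done" },
  { id: 2, organizationId: "org_a", key: "PAY-13", status: "In Progress" },
  { id: 3, organizationId: "org_b", key: "OPS-7", status: "Done" },
];

class TenantScopeError extends Error {}

// `session` is what server-side session validation hands to the request.
// A request with no organization bound must never reach the data layer.
function scopedClient(session) {
  if (!session || typeof session.organizationId !== "string" || !session.organizationId) {
    throw new TenantScopeError("no organization bound to session");
  }
  const orgId = session.organizationId;

  // The tenant filter is applied after the caller's where clause, so the
  // caller cannot widen the query. An explicit attempt to rebind the
  // organization is an application bug and is surfaced, not silently fixed.
  const bind = (where = {}) => {
    if ("organizationId" in where && where.organizationId !== orgId) {
      throw new TenantScopeError("query attempted to rebind organizationId");
    }
    return { ...where, organizationId: orgId };
  };

  const matches = (row, where) => Object.entries(where).every(([k, v]) => row[k] === v);

  return {
    issue: {
      findMany: (args = {}) => issues.filter((r) => matches(r, bind(args.where))),
      // Lookup by primary key alone is the classic IDOR hole: id AND org are required.
      findUnique: ({ where }) => issues.find((r) => matches(r, bind(where))) ?? null,
    },
  };
}
```

Usage: `scopedClient(session).issue.findUnique({ where: { id: 3 } })` returns `null` for a session bound to `org_a`, even though row 3 exists, because the org filter is added to every lookup.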

Data Retention

Configurable per organization (30 days for free plans, up to 2 years for paid plans). Data exceeding the retention window is automatically and permanently deleted. Account deletion triggers complete data removal within 30 days.

5. Integration Security

All third-party integrations follow the principle of least privilege:

Jira

  • Read-only API access via user-provisioned API token
  • Accesses only issue metadata: key, type, status, priority, assignee, timestamps, story points
  • Does not access: descriptions, comments, attachments, Confluence data

GitHub

  • Read-only access via Personal Access Token or GitHub App installation
  • Accesses only PR/commit metadata: titles, authors, reviewers, timestamps, change counts
  • Does not access: source code, file diffs, secrets, environment variables, Actions logs

Slack

  • Bot Token with minimal scopes: channels:read, channels:history, users:read, users:read.email
  • Message text is parsed for metadata (mentions, Jira keys, GitHub URLs) then immediately discarded
  • Does not access: DMs, private channels, file uploads, workspace administration
  • No message content is ever stored in our database
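The parse-then-discard step for Slack messages, as an added example (illustrative code, not Systemi's). It takes a Slack message event and returns a record containing only the metadata listed above: user mentions, Jira issue keys, and GitHub pull request or commit references. The regular expressions, the `knownProjects` filter, and the event are assumptions; Slack encodes mentions in message text as `<@USERID>`. The filter against known Jira project keys is there because the bare key pattern also matches strings such as "SHA-256".

```javascript
// Added example (not Systemi's code): reduce a Slack message to metadata and
// never retain the text. Patterns and the sample event are constructed.

const SLACK_MENTION = /<@([A-Z0-9]+)(?:\|[^>]*)?>/g;          // <@U024BE7LH> or <@U024BE7LH|name>
const JIRA_KEY = /\b([A-Z][A-Z0-9]+-\d+)\b/g;                    // PAY-12; also matches SHA-256, hence the filter
const GITHUB_REF = /https?:\/\/github\.com\/([\w.-]+)\/([\w.-]+)\/(pull|commit)\/([A-Za-z0-9]+)/g;

// knownProjects: Jira project keys learned from the Jira integration (assumed
// input). When supplied, candidate keys from other prefixes are dropped.
function extractMessageMetadata(event, { knownProjects } = {}) {
  const text = typeof event.text === "string" ? event.text : "";

  let jiraKeys = [...new Set([...text.matchAll(JIRA_KEY)].map((m) => m[1]))];
  if (Array.isArray(knownProjects)) {
    const known = new Set(knownProjects);
    jiraKeys = jiraKeys.filter((k) => known.has(k.split("-")[0]));
  }

  // Only identifiers and counts leave this function; `text` is not referenced
  // by the returned object and is released when the function returns.
  return {
    channel: event.channel,
    user: event.user,
    ts: event.ts,
    mentions: [...text.matchAll(SLACK_MENTION)].map((m) => m[1]),
    jiraKeys,
    githubRefs: [...text.matchAll(GITHUB_REF)].map((m) => ({
      owner: m[1],
      repo: m[2],
      kind: m[3],
      ref: m[4],
    })),
    textLength: text.length,
  };
}

// Guard for tests and code review: the stored record must not carry any
// run of message text beyond the identifiers above.
function retainsMessageText(meta, text) {
  const serialized = JSON.stringify(meta);
  const words = text.split(/\s+/).filter((w) => w.length >= 6 && !/[<@:\/-]/.test(w));
  return words.some((w) => serialized.includes(w));
}

// Constructed sample event, not a real Slack message.
const SAMPLE_EVENT = {
  type: "message",
  channel: "C0123456",
  user: "U0AAAAAA",
  ts: "1700000000.000100",
  text: "FYI <@U024BE7LH> PAY-12 is blocked on the SHA-256 migration, see " +
    "https://github.com/acme/billing/pull/42 and https://github.com/acme/billing/commit/9fceb02d",
};
```

Usage: `extractMessageMetadata(SAMPLE_EVENT, { knownProjects: ["PAY", "OPS"] })` yields one mention, one Jira key, two GitHub references, and no text.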

6. Infrastructure & Operations

  • Cloud Hosting: Deployed on Vercel (AWS-backed) with a global edge network, automatically provisioned TLS certificates, and DDoS protection
  • Database: Managed PostgreSQL with automated daily backups, point-in-time recovery, and high availability
  • Monitoring: Application-level error tracking and performance monitoring
  • Dependencies: Regular dependency audits and updates for known vulnerabilities
  • Background Jobs: Cron-triggered sync jobs are protected by shared secrets and reject unauthorized invocations

7. AI Features & Privacy

Systemi uses OpenAI APIs to generate metric explanations and improvement suggestions. All AI interactions follow strict privacy rules:

  • No personally identifiable information (PII) is sent to AI models
  • Only anonymized, aggregated metric values are included in prompts
  • Individual names, emails, and identifiers are never transmitted
  • OpenAI API data is not used for model training (per OpenAI's enterprise API terms)

8. Deployment Options

Cloud SaaS

Fully managed by Systemi. Data is encrypted and tenant-isolated. No infrastructure management required from the customer.

On-Premises / Self-Hosted

Distributed as a Docker image (compiled production build — no source code). Customers provide their own PostgreSQL database. All data remains within the customer's network. Outbound traffic is limited to API calls to Jira, GitHub, and Slack.

9. Compliance & Certifications

Systemi implements security controls aligned with industry standards:

  • Data minimization (only metadata collected, no content)
  • Configurable data retention with automatic purging
  • Data export capability (GDPR right to data portability)
  • Account and organization deletion (GDPR right to erasure)
  • Tenant data isolation at the database level
  • Audit-ready integration permission model (read-only)

SOC 2 Type II certification is on our roadmap. Contact us for the latest compliance status.

10. Responsible Disclosure

We welcome responsible security disclosures. Please report vulnerabilities to security@getsystemi.com. We acknowledge reports within 48 hours and provide updates as we investigate.

Questions? Our security team is happy to discuss these controls in detail.
