Sever
Start trial
MenuClose

Security

Admin-gated security for offboarding evidence.

Server-side Google admin checks, cookie-backed sessions, org-scoped RLS, and no employee data in browser storage.

  • Server session cookies
  • Org-scoped RLS
  • No browser storage

Problem

Offboarding evidence proves who lost access and when.

Sever keeps that record behind verified admin sessions, org-scoped database access, and server-controlled storage.

Product-wide controls

The security boundary stays server-side.

Sever keeps the product narrow: verified admin access, org-scoped records, purpose-bound Google permissions, and controlled evidence storage.

Session boundary

Cookie-backed server sessions keep access checks on the server.

Tenant boundary

Org-scoped database access keeps records inside the active organization.

Storage boundary

Employee and report records do not move into browser storage.

Tenancy

RLS-first tenancy

Organization boundaries are enforced at the database layer. Cross-org access is blocked structurally, not left to client logic or view filtering.

Access

Verified admin access

Dashboard access is limited to authorized Google Workspace administrators, and sensitive server routes re-check organization role and Google admin eligibility.

Privacy

No browser-side employee storage

Employee and report data stay in the server-backed application flow. Sever does not write those records to localStorage or sessionStorage.

Defense

Safe auth and request handling

OAuth redirect targets are restricted to safe same-origin paths, and state-changing routes remain protected with CSRF defenses.

Scopes

Purpose-bound Google scopes

Sever requests Google identity, Directory user, and user security-session scopes for admin verification, offboarded-user sync, and authorized deprovisioning actions. It does not request Gmail, Calendar, or Drive content.

Encryption

Encryption in transit and at rest

Traffic is encrypted in transit, and stored data is protected by managed provider encryption, tenant RLS, server-side authorization, and private report artifact storage.

Evidence

Evidence without exposing more than necessary

The product is designed to retain the facts needed for access review and export without turning that workflow into broad employee data sprawl.

Start your free trial

Validate the workflow with your own organization.

Connect Google Workspace, review the queue, and see how the product behaves before you commit to a paid plan.

Privacy policySecurity FAQ

Free trial · No credit card required · Google Workspace admin sign-in required

Free trial includes Google Admin sync and a limited offboarded-employee dashboard. Paid plans add connected-app access detail, revocation evidence, and unlimited report exports.