Security at Liwoz

Last updated: 2026-06-28

Overview

At Liwoz, we take security seriously. Your data is protected by industry-standard encryption, multi-factor authentication, and secure AWS infrastructure.

1. Data Encryption

In Transit (HTTPS)

All communication between your device and Liwoz is encrypted using TLS 1.2+. We enforce HTTPS on all pages — HTTP is disabled.

At Rest (AES-256)

Sensitive data (passwords, API keys, payment information) are encrypted at rest using AES-256. Your workspace data is stored on AWS RDS (MySQL 8.0) with encryption enabled.

BYOK (Bring Your Own Key)

For Pro and Business plans: You can provide your own API keys for third-party AI services (OpenAI, Anthropic). These keys are encrypted and never visible to Liwoz staff.

2. Authentication & Authorization

Password Security

Passwords are hashed using bcrypt (industry standard). We enforce password complexity requirements (min. 8 characters).

Two-Factor Authentication (2FA)

Liwoz supports 2FA via TOTP (time-based one-time password) for all users. Super admins are required to enable 2FA.

OAuth Integration

You can log in via GitHub or GitLab. We use OAuth 2.0 standard for secure authentication. Your password is never shared with these services.

Session Management

Sessions are stored securely with httpOnly and Secure flags. Sessions expire after 30 days of inactivity.

3. Infrastructure Security

AWS Hosting

Liwoz is hosted on Amazon Web Services (AWS) in the eu-west-3 region (Paris, France). AWS provides industry-leading security with SOC 2, ISO 27001, and GDPR compliance.

Network Security

Our infrastructure uses security groups (firewalls) to restrict network access. Database access is limited to application servers only.

Backups & Disaster Recovery

Daily automated backups are taken and stored in a separate AWS region. 30-day backup retention allows recovery from data loss or ransomware.

4. Audit & Monitoring

Audit Trail

All data modifications are logged (soft deletes — data is never permanently deleted). Admin actions are tracked and logged for compliance.

Error Tracking

Errors are monitored via Sentry (with privacy mode enabled). Sensitive data is never logged.

Security Updates

We monitor Laravel, PHP, and dependency security advisories. Critical patches are applied within 24 hours.

5. Access Control

Role-Based Access Control (RBAC)

Different user roles (Super Admin, Owner, Member) have different permissions. Workspaces are isolated — one user cannot access another's workspace data.

Admin Access

Admin access is restricted to 2FA-protected accounts. All admin actions are logged.

6. Compliance

Liwoz complies with:

7. Vulnerability Disclosure

Found a security vulnerability? Please email security@liwoz.com with details. We follow responsible disclosure and will respond within 48 hours.

Do not:

We will acknowledge receipt, work to fix the issue, and credit you in our security advisory (if desired).

8. Security Best Practices for Users

Questions?

For security questions: security@liwoz.com
For privacy questions: privacy@liwoz.com