Policy

Security

Last updated: December 2025

Overview

OptimAIzed builds workflow automation systems intended for enterprise environments. We prioritize security by design, minimize access requirements, and deliver code so clients can run systems on their own infrastructure.

Access control

• MFA is required for all source control and cloud accounts used in delivery.
• Least privilege: we request only the minimum scopes/permissions needed.
• Access is time-bound and removed when no longer required.

Secrets management

• No secrets are committed to git repositories.
• Secrets are stored in secret managers or client-approved secure storage.
• Configuration uses environment variables and documented setup steps.

Secure delivery model

• One-time delivery with full source code and documentation.
• Systems are designed to operate without callbacks or telemetry to OptimAIzed.
• Client retains full control of hosting, identity, and data.

Secure development practices

• Security-focused code review before delivery.
• Dependency review and vulnerability checks for third-party packages.
• Input validation and safe defaults for integrations and webhooks.

Contact

Security questions or vulnerability reports: sergio@optimaized.io.