Security

Security is built in, not bolted on

From authentication to data isolation, every layer of Teeme is designed with security as a first-class concern.

JWT Authentication

All sessions are secured with signed JSON Web Tokens. Tokens are short-lived and automatically refreshed, minimizing exposure if a token is ever compromised.

Role-Based Access Control

Fine-grained RBAC ensures users can only perform actions their role allows. Admins, members, and viewers have clearly defined permission sets that are enforced at every API layer.

Team-Scoped Data Isolation

Projects are only visible to teams explicitly granted access. No data leaks across organizational boundaries. Every API request is verified against team membership before returning data.

Input Validation with Zod

Every API endpoint validates incoming data with Zod schemas before processing. Malformed or malicious input is rejected at the boundary, never reaching business logic or the database.

Audit Logging

Every meaningful action — creating issues, changing roles, modifying projects — is recorded with a timestamp and actor. Full history is retained so nothing goes unaccounted for.

Secure Invitations

Team invitations use cryptographically secure, single-use tokens with expiry dates. Expired or already-used invite links are automatically invalidated.

Responsible Disclosure

Found a security vulnerability? We take all reports seriously and respond within 48 hours. Please reach out before disclosing publicly.