Security

Podz is built for organizations that hold sensitive program and people data. We take authentication, access control, and data handling seriously.

Authentication

Users sign in via Firebase Authentication (email, Google, and other supported providers). Sessions are validated on each API request. Organization-scoped data is enforced server-side — not only in the UI.

Access control

Data is scoped to organizations. Staff and admin roles control who can manage mandates, commitments, billing, and integrations within an org. The authenticated app routes are not indexed by search engines.

Infrastructure

Podz runs on Google Cloud (Cloud Run for the API, object storage for static assets and uploads). Production traffic is served over HTTPS. API and frontend are deployed with cache strategies that avoid serving stale application shells.

Integrations

Optional integrations (Slack, Gmail, SMS via Twilio, Stripe for billing) connect only when authorized by your organization. Integration credentials are stored securely and scoped to the connecting org.

Questions

For security inquiries or to report a concern: info@podz.ai

We only use cookies to store your preferences and to keep you logged in. By continuing to use this website, you agree to our use of cookies.