Built by a cybersecurity professional, InventoryOS is designed security-first. We protect your device and software inventory data at every layer—from encryption in transit and at rest to tamper-resistant agents and comprehensive audit logging.
Your inventory data is protected at every stage of its lifecycle.
All data in transit is encrypted using TLS 1.2+ with 256-bit cipher strength. Every API call, agent heartbeat, and web session is protected.
Database storage uses encryption at rest. Your device inventory, software catalog, and compliance data are secured even when stored.
We use PostgreSQL with Prisma ORM for type-safe, parameterized queries. This reduces injection risk and ensures data integrity.
Strong identity verification and granular permissions for every user and API.
Multi-factor authentication using TOTP (Time-based One-Time Passwords) is supported for all user accounts. Add an extra layer of protection beyond passwords.
Owner, Admin, and Viewer roles enforce least-privilege access. Control who can manage settings, add devices, or view inventory data.
Session authentication uses short-lived JWT tokens. Tokens are validated and rotated to limit exposure from stolen credentials.
Configurable password expiration policies help ensure credentials are refreshed periodically and meet complexity requirements.
After repeated failed login attempts, accounts are automatically locked to protect against brute-force attacks.
Our inventory agents are built with integrity and authenticity in mind.
Windows and macOS agents are code-signed. Users can verify that the software they install comes from InventoryOS and hasn’t been modified.
macOS agents are Apple notarized. Gatekeeper validates them before execution, ensuring they meet Apple’s security requirements.
Agents include tamper protection to detect and prevent unauthorized modification. Compromised binaries are flagged and can be quarantined.
Rotate API keys with grace periods so existing integrations continue working during the transition. No unexpected downtime during key rollover.
API keys can be scoped to specific organizations or actions. Limit what each integration can access and modify.
Hosted on trusted platforms with security best practices built in.
Backend hosted on Render, frontend on Vercel. Both provide enterprise-grade infrastructure, DDoS protection, and automatic scaling.
Platform and agents receive security patches and updates automatically. Critical vulnerabilities are addressed promptly.
Cross-Site Request Forgery protections ensure that state-changing requests originate from legitimate sessions.
API and authentication endpoints are rate-limited to mitigate brute-force attempts and abuse.
HSTS, Content-Security-Policy, X-Frame-Options, and related headers are set to harden the application against common web attacks.
Visibility into every action and anomaly across your inventory.
User actions, API calls, and system events are logged. Create an audit trail for compliance reviews and incident investigation.
Unusual patterns in API key usage are detected and surfaced. Catch compromised keys or unexpected access before it becomes a problem.
Security monitoring watches for privilege escalation attempts. Changes to roles and permissions are tracked and alerted.
Errors and exceptions are captured by Sentry for rapid diagnosis and remediation. Security-relevant issues are prioritized.
Defense in depth for inputs, integrations, and API consumers.
All inputs are validated with Zod schemas. Combined with parameterized queries and output encoding, we prevent XSS and SQL injection.
Webhooks are signed so you can verify that payloads originate from InventoryOS and haven’t been tampered with in transit.
CORS is configured to allow only trusted origins. Unauthorized domains cannot make cross-origin requests to your data.
We are committed to meeting enterprise security and compliance expectations.
SOC 2 Type II certification is on our roadmap. We are building our controls and processes to support a future audit. We do not currently claim SOC 2 compliance.