How we protect your account
Plain-English summary of the controls behind AriesLift.
Hosting
AriesLift runs on Google Cloud Platform in the United States (us-central1). All public traffic terminates TLS at our edge proxy (Caddy with Let's Encrypt R10/R11 certificates) before reaching the application services on a private Docker network.
Authentication
- Email + password via Keycloak — passwords are PBKDF2-hashed and never stored in plain text.
- Brute-force protection: Keycloak temporarily locks accounts after repeated failed sign-ins.
- Sessions expire after 1 hour idle / 10 hours absolute and are tied to a JWT signed with a per-environment secret.
Payment data
Card numbers never touch our servers. Customers pay through Stripe-hosted checkout. We store only the Stripe customer ID and the last four digits of the card for display. Webhook payloads are signature-verified before they are processed and de-duplicated by event ID.
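An added illustration of the webhook handling just described (example code, not AriesLift's own). It assumes the publicly documented Stripe-Signature header format, `t=<unix timestamp>,v1=<hex HMAC-SHA256 over "<t>.<raw body>">`, and uses a constructed secret, a constructed event body and an in-memory set in place of a database table for the seen event IDs.

```python
# Added example (not AriesLift's code): verify a Stripe-style webhook signature,
# then de-duplicate by event ID, before acting on the payload. Assumes the documented
# Stripe-Signature scheme: "t=<ts>,v1=<hex>", v1 = HMAC-SHA256(secret, "<ts>.<body>").
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject timestamps outside a 5-minute window (replay)


def sign(raw_body: bytes, secret: str, ts: int) -> str:
    """Build the header the way the sender would (used here to construct test input)."""
    mac = hmac.new(secret.encode(), f"{ts}.".encode() + raw_body, hashlib.sha256)
    return f"t={ts},v1={mac.hexdigest()}"


def verify_signature(raw_body: bytes, sig_header: str, secret: str, now: float) -> bool:
    """True only if the timestamp is fresh and some v1 value matches our own HMAC."""
    timestamp, candidates = None, []
    for item in sig_header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":  # several v1 values can appear while a secret is rotated
            candidates.append(value)
    if timestamp is None or not timestamp.isdigit() or not candidates:
        return False
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    signed = f"{timestamp}.".encode() + raw_body  # sign the raw bytes, never re-serialised JSON
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected, c) for c in candidates)  # constant-time compare


class WebhookProcessor:
    """Handles each event ID once; Stripe retries a delivery until it receives a 2xx."""

    def __init__(self, secret: str):
        self.secret = secret
        self.seen_ids: set[str] = set()  # constructed stand-in for a unique-keyed table

    def handle(self, raw_body: bytes, sig_header: str, now=None) -> str:
        now = time.time() if now is None else now
        if not verify_signature(raw_body, sig_header, self.secret, now):
            return "rejected"  # answer 400; never parse or act on an unverified body
        event = json.loads(raw_body)
        if event["id"] in self.seen_ids:
            return "duplicate"  # still answer 200 so the sender stops retrying
        self.seen_ids.add(event["id"])
        return "processed"
```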
Encryption
- In transit: TLS 1.2+ on every public endpoint.
- At rest: managed disk encryption on the application VM and on the Postgres data volume. Backups in Google Cloud Storage are encrypted with Google-managed keys.
- Sensitive third-party tokens (e.g. Cal.com integration tokens) are wrapped with a per-environment Fernet key before being stored.
Backups & disaster recovery
Postgres is backed up nightly to Google Cloud Storage with 30-day retention. A streaming hot-standby replica keeps the RPO under a second and provides read failover. Restore drills are run on a recurring basis.
Access control
Production access is limited to the operator team via Google Cloud Identity-Aware Proxy (IAP) — no public SSH ports. CI/CD uses Workload Identity Federation, so there are no long-lived service-account JSON keys in any GitHub repository or developer machine.
Reporting a vulnerability
Email arieslift-support@ariesview.com with a description of the issue and steps to reproduce. We acknowledge within 2 business days and aim to ship a fix within 14 days for high-severity issues.