Security at Discovry.
We connect to your Google accounts and process client data on your behalf. We take that responsibility seriously. Here's how we protect your data.
Encryption in transit & at rest
All data is transmitted over TLS 1.2+. Data at rest is encrypted using AES-256. Database backups are encrypted before storage.
Access control
Production access is restricted to a minimal set of engineers and requires multi-factor authentication. All access is logged and audited. We follow the principle of least privilege throughout our infrastructure.
OAuth & credentials
We connect to your Google Business Profile via OAuth 2.0. We never store your Google password. OAuth tokens are encrypted at rest and scoped to the minimum permissions required to perform the automations you've configured.
Infrastructure
Discovry runs on AWS in the ap-southeast-2 (Sydney) region with automated failover. We use isolated environments for development, staging, and production — data never crosses these boundaries.
Uptime & incidents
We target 99.9% monthly uptime for the core platform. Incidents are communicated via our status page. Post-incident reports are published for any downtime exceeding 30 minutes.
Compliance
We are pursuing SOC 2 Type II certification. We comply with the Australian Privacy Act 1988 and, for users in the EU, the GDPR. Sub-processors are listed in our Privacy Policy and are required to maintain equivalent security standards.
Vulnerability disclosure
If you discover a security vulnerability, please email security@discovry.live with a description and reproduction steps. We will acknowledge receipt within 24 hours and aim to resolve confirmed vulnerabilities within 30 days. We do not currently operate a bug bounty programme, but we recognise and thank every responsible reporter.