Your ranch data, seriously protected
A ranch's inventory, finances and operations are sensitive information. Here's how we protect it, and how you can report any security finding to us.
Per-account isolation
Each ranch is isolated at the database level (Row Level Security on every table). One account cannot see or touch another's data, and that isolation is tested automatically on every code change.
Encryption in transit and at rest
All traffic travels over HTTPS with strict HSTS, and data is stored encrypted at rest. Security headers (CSP included) are applied across the whole platform.
Backups and recovery
Database backups run automatically, with documented restore procedures. Secrets are kept under a rotation policy.
Auditing and minimal exposure
Critical actions are kept in an immutable log (who, what and when). Personal data is minimized and masked in internal logs, complying with Colombia's data protection Law 1581.
Security in the development lifecycle
Static security analysis, secret detection and dependency auditing run on every change before reaching production, plus periodic dynamic scanning and real-time error monitoring.
No third-party trackers
We don't use tracking cookies or advertising pixels. Product measurement is first-party, anonymous and without personal data.
Subprocessors
These are the infrastructure providers that process data to deliver the service. We keep this list up to date; any change is reflected here.
| Provider | Role | Location |
|---|---|---|
| Vercel | Web application hosting | United States |
| Supabase | Database, authentication and file storage | United States |
| Anthropic | Artificial intelligence (Neo: message understanding and vision) | United States |
| OpenAI | Voice note transcription (Whisper) | United States |
| Meta Platforms | WhatsApp messaging (Cloud API) | United States |
| Resend | Transactional email | United States |
| Sentry | Application error monitoring | United States |
Responsible vulnerability disclosure
If you find a security vulnerability, we ask you to report it privately before disclosing it: write to us at security@neoganadero.com with the steps to reproduce it. We acknowledge receipt within a maximum of 72 hours, keep you informed about the fix and give credit if you wish. Our security.txt file (RFC 9116) publishes these channels.
We ask that you not access third-party data, not degrade the service (no denial of service or spam) and not use social engineering against our team or customers. Tests on your own test accounts are welcome.
The processing of personal data is governed by our Data Policy (Law 1581 of 2012, Colombia).