Security

Deployment architecture.

• — Local-first deployment
• — No dependency on external cloud infrastructure for core operation
• — Network exposure minimized by design

Each Vigora deployment runs as an isolated tenant — its own database, its own configuration, its own signal map. Customer deployments do not share infrastructure or data with each other.

Data security.

• — All captured data is stored within the customer-controlled environment
• — No external transmission unless explicitly configured
• — No third-party data sharing

Access control.

• — Role-based access for system users
• — Authentication required for system interaction (JWT-based, with PBKDF2 password hashing)
• — Remote access (if enabled) is restricted and logged

System integrity.

• — Vigora does not write to PLCs during pilot deployments
• — Control hooks (if any) are disabled by default
• — Any automation is enabled only with explicit authorization

Monitoring and updates.

• — System logs maintained for operational traceability
• — Updates applied in controlled manner
• — No forced remote updates without visibility

Responsible use.

Security also depends on deployment practices:

• — Proper network segmentation is recommended
• — Access credentials must be managed securely by the operator
• — Physical system access should be controlled

Reporting vulnerabilities.

If you identify a potential security issue, write to [email protected] . We respond within one business day. Coordinated disclosure is appreciated — please give us the opportunity to address an issue before public disclosure.