Access
Controls
Policy

This policy defines how Ajeris controls access to production systems, consumer data, and administrative interfaces. It establishes least privilege, enforces multi-factor authentication on every infrastructure account, and specifies how user data is isolated from other users and from operators.

Covers:

• ◆Administrative access to source code, deployment platforms, and third-party consoles
• ◆Application-level access controls that isolate one user from another
• ◆Authentication of inbound webhooks and API calls
• ◆Authentication of end users
• ◆OAuth token and API key handling on behalf of users
• ◆Service-to-service authentication

Every user is identified by a stable UUID. The phone number is a mutable claim, not an identity. First-time registration: an unknown phone sends an SMS, the gateway validates the webhook via Twilio HMAC, mints a 192-bit cryptographically random token, and SMSs a setup link back. Tapping the link on the phone proves possession. The token is single-use and expires in 24 hours.

Consumer authentication today is SMS-based possession verification. WebAuthn / passkey support is designed and on the roadmap. Until implemented, consumer authentication should be understood as single-factor possession.

• ◆Every table with user data has a userId foreign key. Every read and write scopes by userId.
• ◆PostgreSQL Row-Level Security is enforced via a withUserContext() helper that sets a transaction-scoped session variable; RLS policies consume it so even a query bug cannot return another user's row.
• ◆Per-user agent containers run with settingSources: [] and autoMemoryEnabled: false. No shared state between containers.
• ◆OAuth tokens are stored with a unique constraint on (userId, service), encrypted with pgcrypto pgp_sym_encrypt, never logged, never returned in API responses.

Every account that can touch production is protected by multi-factor authentication.

• ◆GitHub, Railway, Twilio, Plaid, Anthropic, AWS (Alexa): MFA required at the provider level.
• ◆SSH key authentication only. Password authentication is disabled on every remote system.
• ◆Production database: not publicly reachable, SSL required, separate credential for administrative access.
• ◆Secrets live only in environment variables. Never committed. Development and production use different encryption keys.

• ◆Twilio: every inbound SMS webhook is validated against Twilio's HMAC signature before any business logic runs.
• ◆Alexa: every skill request is validated against the Alexa request signature before dispatch.
• ◆OAuth callbacks: each provider uses its own signed redirect with state-parameter CSRF protection.
• ◆Unsigned requests are rejected with 401 before reaching application code.
• ◆Internal service-to-service: the agent container accepts HTTP requests only from the gateway, authenticated via a shared secret set per-container at provisioning.

• ◆New infrastructure accounts created with minimum permissions. MFA enforced before any action.
• ◆Credentials issued per-person; shared credentials are not permitted.
• ◆Compromised credentials revoked within 4 hours of discovery.
• ◆Upon user account deletion: all OAuth tokens revoked at the provider, encrypted token rows cascade-deleted.

Access across all providers is reviewed annually, upon any personnel change, and upon any security incident.

• ◆Gateway and agent services emit structured logs (Winston) for every authenticated action.
• ◆Failed authentication attempts (bad Twilio signature, expired or invalid tokens) are logged at warn level with enough context to detect patterns.
• ◆Infrastructure console access is audited by the provider; logs are reviewed after any security incident.

This policy is reviewed:

• ◆Annually
• ◆Upon any significant change to the identity, authentication, or isolation model
• ◆Upon any security incident
• ◆Before onboarding any new third-party data provider

Next scheduled review: April 2027.

Access control questions or incident reports: hi@ajeris.com.