Your inventory data, protected
Inventory is operational data — and when an AI assistant can touch it, security matters even more. Here’s how we keep your account, your data and your AI connections safe.
Standards-based auth
Accounts and AI connections authenticate with OAuth 2.1 — no shared API keys to leak. You can revoke any connection at any time.
Per-company isolation
Every request is scoped to a single company. One account’s data is never visible to another, and AI access is bound to the exact company you authorize.
Encrypted in transit
All traffic is served over HTTPS, and access tokens issued to AI clients are encrypted so their contents can’t be read or tampered with.
How AI access is secured
The built-in MCP server that lets Claude work with your inventory is protected by the same OAuth server that powers your account — it is not an open or unauthenticated endpoint.
- You authorize explicitly. Connecting an AI client sends you through a sign-in and consent screen. Nothing connects silently.
- Scoped to one company. The company you choose at authorization is the only data that connection can ever see or change.
- Acts as you, not above you. AI connections can only do what your account is permitted to do.
- Revocable instantly. Remove the connector in your AI client or revoke the application from your account, and access stops right away.
Account protection
- Passwords are stored using industry-standard one-way hashing — we never store them in plain text.
- Sign-in is rate-limited and protected against automated abuse.
- You control who is invited into your company and can remove members at any time.
Reliability & backups
Your data is hosted on managed cloud infrastructure with regular automated backups. You can view current uptime on our status page.
We appreciate responsible disclosure. Email security@simpleinventorymanagement.com and we’ll respond promptly.