Security & trust

Your inventory data, protected

Inventory is operational data, and when an AI assistant can touch it, security matters even more. Here’s how we keep your account, your data and your AI connections safe.

Standards-based auth

Accounts and AI connections authenticate with OAuth 2.1, so there are no shared API keys to leak. You can revoke any connection at any time.

Per-company isolation

Every request is scoped to a single company. One account’s data is never visible to another, and AI access is bound to the exact company you authorize.

Encrypted in transit

All traffic is served over HTTPS, and access tokens issued to AI clients are encrypted so their contents can’t be read or tampered with.

How AI access is secured

The built-in MCP server that lets Claude work with your inventory is protected by the same OAuth server that powers your account. It is not an open or unauthenticated endpoint.

  • You authorize explicitly. Connecting an AI client sends you through a sign-in and consent screen. Nothing connects silently.
  • Scoped to one company. The company you choose at authorization is the only one whose data that connection can ever see or change.
  • Acts as you, not above you. AI connections can only do what your account is permitted to do.
  • Revocable instantly. Remove the connector in your AI client or revoke the application from your account, and access stops right away.

Account protection

  • Passwords are stored using industry-standard one-way hashing, so we never store them in plain text.
  • Sign-in is rate-limited and protected against automated abuse.
  • You control who is invited into your company and can remove members at any time.

Single sign-on (SSO)

For companies that want to centralize access, Simple Inventory Management supports SAML 2.0 single sign-on. Put your inventory behind your own identity provider (Okta, Microsoft Entra ID, Google Workspace, OneLogin and others) so the people who can reach your data are exactly the people your IdP approves.

  • Domain verification. Claim your email domain and prove ownership with a DNS TXT record before SSO can be enabled.
  • Require SSO. Force everyone on your verified domain to authenticate through your identity provider; password login is blocked for them.
  • Auto-provisioning. Optionally add people from your domain to the company automatically on their first SSO login.
  • Central lifecycle. Onboard and offboard from your IdP: remove someone there and their access here ends too.

See the single sign-on page for the full setup, or read why SAML SSO is no longer optional.

Reliability & backups

Your data is hosted on managed cloud infrastructure with regular automated backups. You can view current uptime on our status page.

Found a vulnerability?

We appreciate responsible disclosure. Email security@simpleinventorymanagement.com and we’ll respond promptly.

Looking for the details of how the AI connection is built? See the Connect Claude guide.