Multi-tenant by design.
Audit-ready by default.
We're built on the same security foundation as Gladius CRM (which serves regulated automotive dealers) and Gladius BDC (which handles TCPA-regulated outbound voice). The same Postgres RLS policies, the same Clerk-managed auth stack, the same audit-log infrastructure that survives quarterly review by automotive group risk officers.
Most landscape software treats security as an afterthought — bolted on after a customer asks, retrofitted after a leak, described in marketing copy that doesn't survive contact with a procurement reviewer. We built the foundation first, because we serve regulated industries first, and the landscape product inherited the discipline.
- 100% RLS coverage
- 0 cross-tenant leaks
- 90-day rotating keys
- Every action audit-logged
Principles
Five things that are non-negotiable.
- 01 Your data is yours.
Exportable to CSV any day, by any admin. No data hostage. We will help you migrate OUT if you ever leave — full schema dumps, every table, every record, your format. The day you sign is the day we start earning the right to keep you, and a contract is not a substitute for a product worth keeping.
- 02 Multi-tenant means truly multi-tenant.
Every record carries a companyId. Postgres Row-Level Security policies enforce isolation at the database layer. tRPC middleware enforces it again at the API layer. Two-layer defense, audited on every release. No tenant has ever seen another tenant's data, and that is a guarantee we engineer for, not a marketing line.
- 03 No card data on our servers.
Stripe handles all card data. We never see, store, or transmit a primary account number. When a customer pays an invoice through the Client Portal, the card never touches our infrastructure: the card-entry form is served by Stripe and the number travels directly from the browser to Stripe's tokenization endpoint. That keeps us in the smallest PCI DSS self-assessment tier (SAQ A), which is as close to out of scope as a merchant can get.
- 04 TCPA compliance is built in, not bolted on.
Every outbound SMS checks consent, state-specific rules, and DNC lists before sending. Quiet-hours logic per state. Stop-keyword honored within 30 seconds. Audit log on every send, exportable. We learned this discipline in the regulated automotive market — class-action exposure starts at $500 per text, and we will not be the reason your shop is named in a complaint.
- 05 Audit log everything.
Every change to a customer record, property memory, payment, or quote is logged with who, what, when, and why. Append-only. Tamper-evident. Exportable to your own SIEM. If a foreman edits a recurring price on a route, the trail starts in your audit log and ends in your inbox if your policy says it should.
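How the append-only and tamper-evident properties in item 05 can be enforced inside Postgres, as an added SQL example that is not the project's own schema. The page states the properties, not the mechanism; the table layout, the app_rw role the API connects as, and the per-tenant SHA-256 hash chain are assumptions. It needs PostgreSQL 11 or later for the built-in sha256() function and the default READ COMMITTED isolation level.

```sql
-- Added example, not the project's own schema. Assumed: an audit_log table
-- with the columns below, an application role app_rw that the API connects
-- as, PostgreSQL 11+ (built-in sha256()), READ COMMITTED isolation, and a
-- per-tenant SHA-256 hash chain as the tamper-evidence mechanism.

DO $$ BEGIN
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_rw') THEN
        CREATE ROLE app_rw NOLOGIN;
    END IF;
END $$;

CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    company_id  uuid        NOT NULL,
    actor       text        NOT NULL,               -- who
    action      text        NOT NULL,               -- what
    target      text        NOT NULL,               -- which record
    reason      text,                               -- why (optional)
    occurred_at timestamptz NOT NULL DEFAULT now(), -- when
    prev_hash   text,                               -- NULL only on a tenant's first row
    row_hash    text        NOT NULL
);

-- Append-only at the privilege layer: the API role can append and read, never rewrite.
GRANT SELECT, INSERT ON audit_log TO app_rw;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO app_rw;

-- Append-only at the table layer: refuse rewrites no matter who asks. A
-- superuser can still drop this trigger, which is what the hash chain below
-- is for, and why the newest row_hash should leave the database with every export.
CREATE OR REPLACE FUNCTION audit_log_refuse() RETURNS trigger AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only (% refused)', TG_OP;
END $$ LANGUAGE plpgsql;

CREATE TRIGGER audit_log_no_rewrite
    BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_refuse();

-- One canonical hash over a row's content plus its predecessor's hash. The
-- timestamp is rendered in UTC with a fixed format so the hash does not
-- depend on the session's DateStyle or TimeZone.
CREATE OR REPLACE FUNCTION audit_row_hash(
    p_prev text, p_company uuid, p_actor text, p_action text,
    p_target text, p_reason text, p_at timestamptz) RETURNS text
LANGUAGE sql STABLE AS $$
    SELECT encode(sha256(convert_to(concat_ws('|',
        coalesce(p_prev, ''), p_company, p_actor, p_action, p_target,
        coalesce(p_reason, ''),
        to_char(p_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS.US')), 'UTF8')), 'hex');
$$;

-- Link each new row to the tenant's previous row. The transaction-scoped
-- advisory lock serialises appends per tenant so two concurrent inserts cannot
-- both chain off the same predecessor (a LOCK TABLE here would deadlock
-- against another session's in-flight INSERT). Under READ COMMITTED the SELECT
-- sees the row committed by the lock's previous holder.
CREATE OR REPLACE FUNCTION audit_log_chain() RETURNS trigger AS $$
DECLARE
    last_hash text;
BEGIN
    PERFORM pg_advisory_xact_lock(hashtext(NEW.company_id::text));
    SELECT row_hash INTO last_hash
      FROM audit_log WHERE company_id = NEW.company_id
     ORDER BY id DESC LIMIT 1;
    NEW.prev_hash := last_hash;
    NEW.row_hash  := audit_row_hash(last_hash, NEW.company_id, NEW.actor, NEW.action,
                                    NEW.target, NEW.reason, NEW.occurred_at);
    RETURN NEW;
END $$ LANGUAGE plpgsql;

CREATE TRIGGER audit_log_hash
    BEFORE INSERT ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_chain();

-- Verify one tenant's chain: an edited row no longer matches its own hash, and
-- a deleted or reordered row breaks the prev_hash link of the row after it.
-- Returns the ids where the chain breaks; no rows means intact. Only removal
-- of the newest row is invisible here, hence the export note above.
CREATE OR REPLACE FUNCTION audit_chain_breaks(p_company uuid)
RETURNS TABLE (broken_id bigint) LANGUAGE sql STABLE AS $$
    WITH ordered AS (
        SELECT a.*, lag(a.row_hash) OVER (ORDER BY a.id) AS expected_prev
          FROM audit_log a WHERE a.company_id = p_company
    )
    SELECT o.id FROM ordered o
     WHERE o.prev_hash IS DISTINCT FROM o.expected_prev
        OR o.row_hash <> audit_row_hash(o.prev_hash, o.company_id, o.actor, o.action,
                                        o.target, o.reason, o.occurred_at);
$$;
```

A SIEM that receives every row, including prev_hash and row_hash, can rerun the same verification on its own copy, which is what makes the "exportable to your own SIEM" promise worth more than a CSV: the customer can check the chain without trusting the database it came from.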
Auth
Auth that an actual security team would approve.
We do not roll our own identity. We do not store password hashes. We rent the hard problem from the people who solve it full-time, and we audit them.
Clerk-managed
SOC 2 Type II certified identity provider. Magic-link login, SSO via SAML, MFA on Pro and above. Session lifecycle, password rotation, and breach-list checks handled by a vendor whose entire product is identity.
Role-based access control
Six roles ship out of the box: Admin, Crew Chief, Field Tech, Finance, Customer, Read-Only. Granular permissions per role — Finance can void an invoice, Field Tech cannot. Custom roles available on Enterprise.
Session security
JWTs with rotating signing keys (90-day rotation). HttpOnly + Secure cookies, SameSite=Lax. CSRF tokens on every state-changing request. Sessions invalidated server-side on password change or admin revoke.
Customer access
Magic-link only on the Client Portal. No passwords for end customers, so there is no password to phish, reuse, or leak. 30-day session, revocable any time by the crew owner. One-tap log-out clears every device.
Isolation
Two runtime layers between any two crews' data, plus a test suite that fails the build if either one slips.
Every row in our database carries a companyId. That field is not optional, not nullable, not editable by application code. It is set once at row-creation time inside a transactional hook and never moves.
- Layer 1 — database
Postgres Row-Level Security policies on every tenant table. The current companyId is set per-request from the authenticated session — queries cannot read or write rows they don't own, even if application code tries.
- Layer 2 — API
tRPC middleware re-checks the companyId on every procedure. Defense in depth: even if a future RLS policy regresses, the API layer catches it before a response leaves the server.
- Layer 3 — tests
Every release runs a cross-tenant leak suite that spins up two synthetic companies and asserts neither can see the other's rows through any code path. The build fails if it does.
Request lifecycle
- Browser: authenticated session, companyId = ACME
- Layer 2 — tRPC middleware: asserts session.companyId === input.companyId, rejects otherwise
- Layer 1 — Postgres RLS: USING (company_id = current_setting('app.company_id'))
- Tenant A (ACME crew) and Tenant B (Banner Lawn): two silos, no shared rows, ever.
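The two runtime layers described above (the per-request tenant setting, the RLS policy, and the write-side check that keeps companyId from moving between tenants), as an added SQL example that is not the project's own schema. The table name customers, the role app_rw that the API connects as, uuid company ids, and the GUC name app.company_id are assumptions; the example needs PostgreSQL 13 or later for gen_random_uuid(). It also carries two caveats the one-line policy on the page does not show: current_setting() needs the missing_ok argument (plus NULLIF) to fail closed instead of erroring, and the per-request value should be set with transaction-scoped set_config() so a pooled connection cannot carry one tenant's id into the next request.

```sql
-- Added example, not the project's own schema. Assumed names: table
-- "customers", application role "app_rw" (the role the API connects as),
-- uuid company ids, the GUC "app.company_id". Needs PostgreSQL 13+ for
-- gen_random_uuid(); older versions can use the pgcrypto extension.

DO $$ BEGIN
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_rw') THEN
        CREATE ROLE app_rw NOLOGIN;   -- NOT a superuser and NOT the table owner
    END IF;
END $$;

CREATE TABLE customers (
    id          uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    company_id  uuid NOT NULL,   -- every row belongs to exactly one tenant
    name        text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON customers TO app_rw;

-- Layer 1: row-level security, FORCEd so even the table owner is bound by it.
-- Superusers and roles with BYPASSRLS still skip RLS, so the API must never
-- connect as one.
ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
ALTER TABLE customers FORCE ROW LEVEL SECURITY;

-- Tenant id for this request. current_setting(name, true) returns NULL when
-- the GUC was never set, but returns '' once it has been set and reset in the
-- same session, so NULLIF folds both into NULL. NULL compares as unknown, so
-- an un-scoped request matches no rows instead of erroring or seeing everything.
CREATE OR REPLACE FUNCTION current_company_id() RETURNS uuid
LANGUAGE sql STABLE AS $$
    SELECT NULLIF(current_setting('app.company_id', true), '')::uuid;
$$;

-- USING filters what the role can read, update or delete; WITH CHECK applies
-- the same test to inserted rows and to the new version of an updated row, so
-- application code cannot write into another tenant or move a row across tenants.
CREATE POLICY tenant_isolation ON customers
    FOR ALL TO app_rw
    USING      (company_id = current_company_id())
    WITH CHECK (company_id = current_company_id());

-- Per request, the API layer hands the session's companyId to the database.
-- set_config(..., is_local => true) scopes it to the transaction, so a pooled
-- connection cannot carry one tenant's id into the next request. SET LOCAL
-- would do the same but cannot take a bind parameter; set_config can.
SET ROLE app_rw;   -- the requests below run as the API role

BEGIN;
SELECT set_config('app.company_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO customers (company_id, name)
    VALUES ('11111111-1111-1111-1111-111111111111', 'ACME crew customer');  -- OK
SELECT id, name FROM customers;                                           -- ACME rows only
COMMIT;

-- Outside a scoped transaction the same role sees nothing.
SELECT count(*) FROM customers;                                           -- 0

-- A scoped request cannot write into another tenant.
BEGIN;
SELECT set_config('app.company_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO customers (company_id, name)
    VALUES ('22222222-2222-2222-2222-222222222222', 'Banner Lawn customer');
-- ERROR:  new row violates row-level security policy for table "customers"
ROLLBACK;
```

The Layer 2 middleware's real job in this design is the set_config() call: the tenant id it passes down must come from the authenticated session, never from the request body. The session.companyId === input.companyId equality check shown in the lifecycle above is a useful sanity check on clients that send a tenant id, but nothing should depend on it; a request that omits input.companyId must still be scoped by the session value alone.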
Compliance
Where we are. Where we're going.
Public roadmap. We update this page when an item ships, when an audit closes, when a date slips. No vapor.
Done now
- PCI compliance via Stripe
- TCPA compliance for SMS and voice
- GDPR data-export endpoint
- Multi-tenant Postgres RLS
- Encrypted at rest (AES-256) + in transit (TLS 1.3)
In progress
- SOC 2 Type II audit (Q3 2026)
- HIPAA-readiness for crews servicing hospitals and care facilities
- State pesticide license API integration — auto-verify before dispatch
Roadmap
- ISO 27001 (Q1 2027)
- California CCPA portal
- Penetration test schedule (twice yearly, by an external firm)
Disclosure
We pay for security research.
If you've found a vulnerability — anything from a cross-tenant leak to an authentication bypass to a TCPA consent loophole — please report it. We will not sue you, we will not threaten you, we will thank you, and if the finding holds up we will pay you.
Our SLA: initial response in 24 hours, triage decision in 72 hours, fix or mitigation timeline communicated within seven days. Critical findings get a same-day patch and a public post-mortem when the dust settles.
A formal bug bounty program is in active development with a third-party platform. Until it's live, contact us directly and we'll handle reward and disclosure one-on-one.
Security inbox
security@gladiusturf.com
PGP key: 4096R / AB12 CD34
Full key on request — reply to the address above and we'll send the armored block.
Response SLA
- 24h — initial human response
- 72h — triage decision
- 7d — remediation timeline
Legal
DPAs and MSAs available.
Procurement-friendly. We don't hide the contracts behind a sales conversation.
- Master Services Agreement (MSA): PDF, request via email
- Data Processing Addendum (DPA): PDF, request via email
- Privacy Policy: public at gladiusturf.com/legal/privacy
- Terms of Service: public at gladiusturf.com/legal/terms
All available pre-purchase. Email legal@gladiusturf.com to receive.
Stop losing the revenue your software is missing.
Switch in 48 hours. Keep your QuickBooks. 30-day money-back guarantee.
The first leak we close usually pays for the year.
