Legal

Security

Security overview for Naya Growth workspaces, integrations, webhook handling, access controls, and incident reporting.

Last updated: May 9, 2026

Security overview

Naya Growth uses role-based access controls, restricted operator workflows, audit logs, environment separation, webhook signature checks, and secret-management controls where applicable.

Access controls and operator access

Workspace access is scoped by role and project membership. Operator tools are limited to authorized Naya Growth users for setup, diagnostics, support, and compliance workflows.

Secret storage and webhook security

Browser-facing integrations use public keys only. Server-to-server integrations may use secrets, HMAC signatures, timestamp checks, idempotency keys, and webhook signature verification where supported.

Data masking and audit logs

The platform supports masked PII display, audited reveal flows, lead visibility controls, soft deletion, hard deletion workflows, and operational audit records where available.

Incident reporting

Security issues can be reported to hello@nayagrowth.com. Include the affected URL, steps to reproduce, impact, and safe evidence.