Security First
CellCMS is built with security at every layer. From encryption and authentication to audit logging and compliance, your content is protected by default.
Encryption
AES-256 at rest, TLS 1.3 in transit. All data encrypted by default.
Authentication
JWT tokens with refresh rotation, API tokens with granular permissions.
Role-Based Access
Admin, editor, viewer roles. Per-project access control.
HMAC Webhooks
SHA-256 signed webhook payloads. Verify every delivery.
Rate Limiting
Built-in rate limiting on all endpoints. Configurable per-route.
Audit Ready
Full revision history on all documents. Track every change.
Compliance & Data Protection
CellCMS gives you the tools and architecture to meet your compliance requirements.
GDPR
- Data residency controls
- Right to erasure (data deletion on request)
- Full data export in standard formats
SOC 2
- SOC 2 Type II compliance on our roadmap
- Security-first architecture from day one
- Continuous monitoring and improvement
Data Residency
- Choose your preferred data region
- Deploy in any region or data center
- Full control over data sovereignty
Infrastructure Security
Every layer of the CellCMS stack is hardened for production deployments.
Docker Security
Non-root containers, read-only filesystems, minimal attack surface with Alpine-based images.
Environment-Variable Secrets
All secrets managed via environment variables. No hardcoded credentials anywhere in the codebase.
Network Isolation
Internal services communicate over private Docker networks. Only the API gateway is publicly exposed.
Responsible Disclosure
Found a security vulnerability? We appreciate your help in keeping CellCMS safe. Please report security issues responsibly.
We aim to acknowledge reports within 24 hours and provide a fix timeline within 72 hours.