Compliance Center

Security & Compliance Program

Policies, risk register, and vendor assessments that govern how EcoService Pro protects customer data. This page is maintained by EcoPowerHub AI LLC for prospects, auditors, and internal review. For disclosures contact engmartin@ecopowerhub.ai.

Risk Register

Version: 1.0 · Last review: July 14, 2026 · Owner: Security Lead Cadence: Reviewed monthly; each risk re-scored at least annually.

Scoring

  • Likelihood (L): 1 Rare · 2 Unlikely · 3 Possible · 4 Likely · 5 Almost certain
  • Impact (I): 1 Negligible · 2 Minor · 3 Moderate · 4 Major · 5 Severe
  • Score = L × I. Treatment threshold: ≥ 12 = Priority.
  • Treatment: Mitigate · Transfer · Avoid · Accept

| ID | Risk | Category | L | I | Score | Owner | Treatment | Mitigation / Control | Status | | --- | --- | --- | :-: | :-: | :-: | --- | --- | --- | --- | | R-01 | Multi-tenant data leak via missing/incorrect RLS policy | Data | 2 | 5 | 10 | Eng Lead | Mitigate | RLS enforced + CI test roles_and_rls.sql; peer review on any policy change | Open · Monitored | | R-02 | Credential stuffing against /login | Access | 4 | 4 | 16 | Security | Mitigate | HIBP check, rate-limit bucket, MFA available, security_events alerts | Priority | | R-03 | Privilege escalation via user_roles self-insert | Access | 2 | 5 | 10 | Eng Lead | Mitigate | WITH CHECK policy + trigger; only service role can grant | Open · Monitored | | R-04 | Vulnerable npm dependency in prod bundle | Supply chain | 4 | 4 | 16 | Eng Lead | Mitigate | Weekly bun audit in CI; Dependabot; monthly review | Priority | | R-05 | Stripe webhook forgery / replay | Payments | 2 | 5 | 10 | Eng Lead | Mitigate | HMAC signature verify + idempotency key on /api/public/webhooks/stripe | Open · Monitored | | R-06 | Service-role key leaked via client bundle | Secrets | 2 | 5 | 10 | Eng Lead | Mitigate | Import guard blocks client.server.ts from client graph; secret in Cloudflare env only | Open · Monitored | | R-07 | Data loss / DB corruption | Availability | 2 | 5 | 10 | Ops | Mitigate + Transfer | Supabase daily PITR (7 d) + 30 d snapshot; RTO 4 h / RPO 24 h; restore drill every 6 mo | Open · Monitored | | R-08 | Third-party AI provider outage (Lovable AI, Grok, IC canister) | Vendor | 4 | 3 | 12 | Eng Lead | Mitigate | Multi-provider fallback (Grok → oracle-ai-v2 → cached response) | Priority | | R-09 | Prompt injection / model jailbreak via user-supplied photos or text | AI | 4 | 3 | 12 | Eng Lead | Mitigate | System-prompt guardrails, output validation, no tool-call side effects without confirmation | Priority | | R-10 | Insider misuse of admin console | People | 2 | 4 | 8 | Security | Mitigate | Only 2 owners; every action written to audit_logs; quarterly access review | Open · Monitored | | R-11 | GDPR / CCPA non-compliance from delayed DSAR fulfilment | Legal | 3 | 4 | 12 | Security | Mitigate | 30-day SLA tracked in audit_logs; /data-deletion self-serve | Priority | | R-12 | DDoS on public marketing + auth endpoints | Availability | 3 | 3 | 9 | Ops | Transfer | Cloudflare WAF + rate limiting; auto-scale SSR workers | Open · Monitored |

Change log

  • 2026-07-14 — Register created; 12 risks scored. R-02, R-04, R-08, R-09, R-11 flagged Priority.

Version-controlled source of truth for this document lives in the project repository. Material changes are reviewed by the Security Lead and approved by the CEO.