Incident response

How Limena detects, contains, and communicates security incidents that affect tenant data.

Detection

Production runs structured request/response logging, per-tenant rate-limit metrics, AI usage logging, and an audit log of every mutation. Anomalies — unexpected authentication failures, AI-quota outliers, error-rate spikes — surface in operator dashboards and trigger investigation. Backend errors flow to a centralised error tracker (provider to be locked in at M-Deploy Q2).

Containment

  • Per-tenant kill-switches. Limena ops can disable a tenant’s AI access, revoke all API keys, or freeze new mutations independently per tenant.
  • Token revocation. Sign-out-everywhere revokes every active refresh token for a user; tenants can revoke API keys per-key from Settings → API keys.
  • Credential rotation. JWT signing keys, encryption master key, and third-party API tokens have documented rotation runbooks.

Communication

For confirmed security incidents affecting tenant data, Limena commits to notifying impacted tenants within 72 hours of confirmation. Notifications are sent to the tenant owner’s email of record and contain: scope of the incident, data potentially affected, containment status, recommended tenant actions, and a follow-up timeline.

For incidents that do not affect tenant data — for instance an internal outage with no data exposure — we still surface the status on the in-app banner and the status page, and we write a post-mortem that tenants can request by emailing hello@limena.io.

How to reach us

Suspect an issue? Email hello@limena.io — see also the public /.well-known/security.txt for our RFC 9116 contact + reporting policy.