Security

Last updated: April 3, 2026.

Decoda RWA Guard is built for operational trust: workspace-scoped access control, audit visibility, and resilient behavior across live and degraded dependencies.

Core controls

• Role-based workspace access with owner/admin/analyst/viewer scopes.
• Session management, CSRF protection, and optional MFA workflows.
• Audit logs for workspace administration and workflow-critical actions.
• Encrypted transport in deployed environments and secret-based service integrations.

Security reporting

To report a security concern, email security@decoda.app with reproduction details and affected environment information. For non-security support, use Support.

Shared responsibility

Customers are responsible for user lifecycle management, workspace role assignment, and integration credential hygiene. Decoda is responsible for service operation, infrastructure hardening, and response communication.