Coordinex protects scheduling, time, payroll-adjacent, and team operations data with least-privilege access, strong transport security, Firebase App Check, and server-enforced authorization rules.
Coordinex scopes organization data by authenticated user, organization membership, and role permissions. Firestore rules enforce tenant boundaries server-side.
The public website ships HSTS, a strict script-hash Content Security Policy, frame blocking, content-type protection, and a locked-down Permissions Policy.
Security researchers can contact security@coordinex.app. We acknowledge credible vulnerability reports within 48 hours and prioritize fixes by user impact.
A public status endpoint is available at status.coordinex.app/status.json for edge checks across the public site and key trust endpoints.
When reporting a vulnerability, send the details, reproduction steps, affected URLs, and any supporting evidence. Please avoid accessing or modifying data that is not yours.