Security blueprint
How tnc-sh protects your Odoo hosting
A transparent overview of our architecture, access model, encryption, and deployment options — written for security teams, compliance reviewers, and technical buyers.
Operated by TraceNcode Technologies Pvt. Ltd.. Last updated May 24, 2026.
Architecture
tnc-sh separates the control plane from customer workloads. The platform orchestrates builds, billing, and access; each managed project runs on its own dedicated virtual machine with isolated development, staging, and production Odoo stacks.
Control plane
Kubernetes
- Web UI and API
- Billing and build orchestration
- PostgreSQL and Redis
Data plane
One VM per managed project
- Dedicated DigitalOcean droplet
- Docker Compose per environment
- Separate database per dev / staging / prod
Identity and access
| Control | Implementation |
|---|---|
| Authentication | GitHub OAuth — no platform password store |
| Sessions | HttpOnly JWT cookies; secure flag required in production |
| Project access | Owner plus invited collaborators; seat limits by plan |
| Admin access | Allowlisted GitHub user IDs only |
| Customer server access | In-browser SSH terminal, authorized by platform session |
| Platform server access | Operational SSH key for provisioning, deploys, SSL sync, and support |
Customer database credentials are customer-controlled. Platform personnel have operational server access for provisioning and support purposes only, and do not routinely access customer business data.
Encryption and secrets
| Layer | Implementation |
|---|---|
| In transit | HTTPS/TLS on the platform API and customer Odoo (Let's Encrypt via nginx) |
| At rest (platform) | GitHub OAuth tokens and subscription keys encrypted (Fernet) in the control-plane database |
| At rest (customer VM) | Provider-level disk storage; environment secrets stored with restricted file permissions |
| Webhooks | HMAC-SHA256 signature verification for GitHub and Stripe |
Network security
- Host firewall (UFW) enabled on every managed droplet
- Allowed ports: SSH (22), HTTP/HTTPS (80/443), Odoo environment ports (8069–8071)
- CORS restricted to configured frontend origins
- Rate limiting on authentication, webhooks, and billing endpoints
- PostgreSQL and Redis not exposed publicly on the control plane
Odoo deployment and licensing
You choose Community or Enterprise edition per project. Development, staging, and production run in isolated Docker stacks with separate databases on the same dedicated VM.
Custom modules deploy from your GitHub repository. When Enterprise is selected, the platform deploys Enterprise source code — Odoo subscription and license compliance remain your responsibility, the same as on-premises or any third-party host.
Optional AI features
AI-assisted development is an optional add-on, disabled by default. Code changes require explicit user approval and are blocked on staging and production branches.
What may be sent to LLM providers
- Project metadata (name, repository, branches, hosting mode)
- Source code excerpts from the active Git branch
- Build logs, including failure tails
- Conversation history within the AI session
What is not sent
- Live Odoo business or database records
- Customer credentials or GitHub tokens
See also AI for development for product details and credit pricing.
Backups and monitoring
- Managed VMs: DigitalOcean automated daily backups with seven-day retention.
- Control plane: Daily PostgreSQL exports and API health checks, HTTP metrics, and request logging.
- Customer visibility: Build and install logs in the project console; optional in-browser SSH for your authorized team members.
Deployment options
Managed (default)
Dedicated VM per project with platform-operated provisioning, SSL, backups, and deploy automation.
Customer-hosted (BYOH)
Run Odoo on your own infrastructure while using tnc-sh for CI/CD and deployment automation.
Security review support
We respond to customer security questionnaires and can walk your team through the architecture.
Subprocessors
| Provider | Purpose |
|---|---|
| DigitalOcean | VM hosting and automated backups |
| GitHub | Authentication, repository access, and CI webhooks |
| Stripe | Subscription billing |
| OpenAI / Anthropic | Optional AI development features |
| Let's Encrypt | SSL certificates on managed stacks |
Transparency
No method of transmission or storage is guaranteed to be fully secure. We document known limitations openly so your team can evaluate fit.
- Platform operators have operational SSH access for provisioning and support — standard for managed hosting.
- Odoo Enterprise license compliance remains the customer's responsibility when Enterprise edition is selected.
- Optional AI features send repository context to third-party LLM providers when enabled.
- No centralized audit log for SSH sessions today; on the product roadmap.
Security review and questionnaires
We welcome architecture walkthroughs with your cybersecurity team and can respond to customer security assessments. Share your questionnaire or request a call — we typically respond within two business days.