Risk Register
Public view: risks marked visibility: public only; controlsApplied.public view.
Owner: Founder (single-owner until org grows). Last regenerated from risk-register.risks.json.
| ID | Risk | Asset(s) affected | Likelihood | Impact | Inherent rating | Treatment | Controls applied | Residual rating | Owner | Last reviewed |
|---|---|---|---|---|---|---|---|---|---|---|
| R-01 | Customer data exposure via application vulnerability (RLS bypass, missing ownership check, OAuth scope misuse) | customer HubSpot OAuth tokens (encrypted), customer-confidential application data, audit_log JSONB | M | H | H | Mitigate | A.5.15, A.5.18, A.8.2, A.8.3, A.8.5, A.8.20, A.8.21, A.8.27 | M | Founder | 2026-05-01 |
| R-02 | Sub-processor breach (Hetzner, self-hosted Supabase containers, Mistral inference, Mollie billing) | Hetzner data centre infrastructure, self-hosted Supabase persistence and auth, Mistral inference path, Mollie billing flow | L | H | M | Transfer | A.5.19, A.5.20, A.5.21, A.5.22, A.5.23, A.5.34, A.7.1, A.7.2 | L | Founder | 2026-05-01 |
| R-03 | Founder credential or endpoint compromise (laptop loss, SSH key leak, GitHub or Coolify session theft) | founder workstation (macOS), SSH private key for Hetzner host, Supabase Auth admin account, GitHub repository write access, Coolify orchestration UI session | M | H | H | Mitigate | A.5.17, A.5.18, A.8.1, A.8.4, A.8.5, A.8.7, A.8.18 | M | Founder | 2026-05-01 |
| R-04 | Governance, policy, or audit lapse (single-founder concentration, change-management failure, ISMS drift) | ISMS scope, policy compliance posture, release pipeline, audit cadence | M | M | M | Mitigate | A.5.1, A.5.4, A.5.31, A.5.35, A.5.36, A.5.37, A.6.7, A.6.8, A.8.4, A.8.32 | L | Founder | 2026-05-01 |
| R-05 | Cryptographic or key-management failure (TLS regression, encryption-key loss or rotation incident, weak key entropy) | AES-256-GCM token encryption (TOKEN_ENCRYPTION_KEY), TLS 1.2+ at edge, OAuth flow integrity | L | H | M | Mitigate | A.5.17, A.8.20, A.8.24, A.8.32, A.8.5 | L | Founder | 2026-05-01 |
| R-06 | Coding-agent or prompt-injection compromise (agent weaponised via WebFetch / MCP outputs to exfiltrate credentials) | coding-agent surface (Claude Code + MCP tools), founder workstation, production secrets at rest in Hetzner / Supabase env | M | M | M | Mitigate | A.5.18, A.8.1, A.8.7, A.8.12, A.8.18 | L | Founder | 2026-05-01 |
| R-07 | Application logic flaw (auth bypass, missing portal-ownership check, edge-function bug, server-trust violation) | edge functions (~30 in production), RLS-protected tables, rate-limiting layer, tier-check layer | M | H | H | Mitigate | A.5.8, A.8.2, A.8.3, A.8.8, A.8.15, A.8.21, A.8.26, A.8.27, A.8.28, A.8.29 | M | Founder | 2026-05-01 |
| R-08 | Operational or human error during release / maintenance (single-founder BCP, missed step in incident response) | release pipeline, incident-response procedure, deployment workflow | M | M | M | Accept | A.5.2, A.5.30, A.6.6, A.8.6, A.8.9, A.8.17, A.8.31 | L | Founder | 2026-05-01 |
| R-09 | Backup or recovery failure (corrupt pg_dump, restore procedure regression, retention gap) | PostgreSQL daily pg_dump archive on Hetzner host, Hetzner infrastructure-level VM snapshots, documented restore procedure (RTO ≈ 1h) | L | H | M | Mitigate | A.5.30, A.8.13, A.8.14 | L | Founder | 2026-05-01 |
| R-10 | PII exposure in logs or LLM prompts (data leakage at observability or inference boundaries) | edge-function structured logs, Mistral inference inputs, audit_log JSONB rows, Coolify-managed Nginx access logs | M | M | M | Mitigate | A.5.34, A.8.10, A.8.11, A.8.12, A.8.15 | L | Founder | 2026-05-01 |
| R-11 | Mollie webhook tampering or billing-flow abuse (forged subscription event, replayed checkout-status callback) | Mollie webhook endpoint, subscription state in Supabase, credit / discount logic | L | M | M | Mitigate | A.5.14, A.5.24, A.5.27, A.8.20, A.8.26 | L | Founder | 2026-05-01 |
| R-12 | Supply-chain compromise (malicious npm dependency, compromised Docker base image, transitive package takeover) | package-lock.json (~700 npm packages), Deno edge-function imports, Supabase official container images, GitHub Actions workflow runners | L | H | M | Mitigate | A.5.21, A.8.19, A.8.30, A.8.7, A.8.8 | L | Founder | 2026-05-01 |