Built with security as an operational requirement
Role-based access across three portals, strict tenant isolation, encrypted storage, tamper-evident audit trails, and GDPR-oriented data handling. Not bolted on — built in from the start.
Access Control
Three portals, strict boundaries
Role-based access control
Every endpoint protected by MembershipGuard + RolesGuard + OrgPermissions decorators. Actions mapped to resources and roles — not open by default.
Tenant isolation
OrgScopingMiddleware validates organisation context on every API request. All database queries filtered by orgId. No cross-tenant data leakage.
Portal separation
Staff never see pay rates. Clients never see internal notes or margins. Each portal exposes only the data appropriate for that user type.
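To make the three guards and the org scoping concrete, here is an added example that is not the platform's code (MembershipGuard, RolesGuard, OrgPermissions and OrgScopingMiddleware are named on this page but not shown). It walks one read request through membership check, role permission check, org-scoped query and portal projection. Every type, field, role and function name below is a hypothetical stand-in; the only rules taken from the page are that staff never see pay rates and clients never see internal notes or margins.

```typescript
// Added example (hypothetical names throughout): the deny-by-default request path.
type Role = 'admin' | 'manager' | 'staff' | 'client';
type Portal = 'admin' | 'staff' | 'client';
type Action = 'shift:read' | 'shift:write' | 'invoice:read';

interface Membership { orgId: string; role: Role }
interface Session { userId: string; memberships: Membership[] }
interface Shift {
  id: string; orgId: string; date: string; location: string;
  payRate: number; clientRate: number; margin: number; internalNotes: string;
}

// Actions mapped to the roles allowed to perform them. An action absent from this table is allowed to nobody.
const PERMISSIONS: Record<Action, Role[]> = {
  'shift:read': ['admin', 'manager', 'staff', 'client'],
  'shift:write': ['admin', 'manager'],
  'invoice:read': ['admin', 'manager', 'client'],
};

// Field allow-list per portal (an allow-list, so a newly added column is hidden until someone decides otherwise).
// Staff: no pay rate. Client: no internal notes, no margin. The rest of the split is an assumption.
const PORTAL_FIELDS: Record<Portal, (keyof Shift)[]> = {
  admin: ['id', 'orgId', 'date', 'location', 'payRate', 'clientRate', 'margin', 'internalNotes'],
  staff: ['id', 'orgId', 'date', 'location'],
  client: ['id', 'orgId', 'date', 'location', 'clientRate'],
};

class Forbidden extends Error {}

// MembershipGuard equivalent: the organisation in the request must be one the user belongs to.
function requireMembership(session: Session, orgId: string): Membership {
  const m = session.memberships.find((x) => x.orgId === orgId);
  if (!m) throw new Forbidden('not a member of this organisation');
  return m;
}

// RolesGuard equivalent: the membership's role must be mapped to the action.
function requirePermission(role: Role, action: Action): void {
  if (!(PERMISSIONS[action] || []).includes(role)) throw new Forbidden(role + ' may not ' + action);
}

// The portal is derived from the membership role, never read from the request.
function portalFor(role: Role): Portal {
  return role === 'admin' || role === 'manager' ? 'admin' : role;
}

// Org scoping: the store exposes only an org-filtered read, so a handler cannot forget the tenant filter.
class ShiftStore {
  private rows: Shift[] = [];
  insert(s: Shift): void { this.rows.push(s); }
  findByOrg(orgId: string, id?: string): Shift[] {
    return this.rows.filter((r) => r.orgId === orgId && (id === undefined || r.id === id));
  }
}

function project(portal: Portal, s: Shift): Partial<Shift> {
  const out: Partial<Shift> = {};
  for (const k of PORTAL_FIELDS[portal]) Object.assign(out, { [k]: s[k] });
  return out;
}

// One handler, all four steps in order. A shift that exists in another org is indistinguishable from a missing one.
function getShift(store: ShiftStore, session: Session, orgId: string, shiftId: string): Partial<Shift> | null {
  const membership = requireMembership(session, orgId);
  requirePermission(membership.role, 'shift:read');
  const rows = store.findByOrg(orgId, shiftId);
  if (rows.length === 0) return null;
  return project(portalFor(membership.role), rows[0]);
}

// Constructed sample data: two organisations, one staff user and one manager, both in org-a only.
function sampleStore(): ShiftStore {
  const store = new ShiftStore();
  store.insert({ id: 'shift-1', orgId: 'org-a', date: '2024-06-03', location: 'Site A',
                 payRate: 18, clientRate: 25, margin: 7, internalNotes: 'client prefers returning staff' });
  store.insert({ id: 'shift-2', orgId: 'org-b', date: '2024-06-03', location: 'Site B',
                 payRate: 20, clientRate: 30, margin: 10, internalNotes: 'late payer' });
  return store;
}
const STAFF_SESSION: Session = { userId: 'u1', memberships: [{ orgId: 'org-a', role: 'staff' }] };
const MANAGER_SESSION: Session = { userId: 'u2', memberships: [{ orgId: 'org-a', role: 'manager' }] };
```

The two cross-tenant cases behave differently on purpose: asking for org-b without a membership there is a hard Forbidden, while asking org-a for an id that lives in org-b returns null, so the response does not confirm that the id exists anywhere.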
Two-factor authentication
TOTP (Google Authenticator, Authy) and email OTP. Encrypted TOTP secrets (AES-256-GCM). Recovery codes for account recovery. Self-service enable/disable.
Session management
NextAuth-based sessions enriched with memberships and roles. Multi-tenant routing on sign-in. Session validation on every request.
Rate limiting
Application-level throttling on public endpoints: authentication, the recruitment widget, demo requests, and file uploads. Limits brute-force attempts and abuse.
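An added example of the throttling pattern, not the platform's own limiter: a sliding-window counter with an injectable clock, composed into a login throttle keyed separately on client address and target account. The second key is what turns a per-IP limit into a control against password spraying from many addresses. The limits, key prefixes and class names are assumptions.

```typescript
// Added example (hypothetical names): sliding-window limiter plus a two-key login throttle.
interface LimitDecision { allowed: boolean; retryAfterSeconds: number }

// At most `limit` hits per `windowMs` for each key. The clock is injected so behaviour can be tested
// without waiting. The hit log is in-memory, so it is per process: behind several replicas it has to
// live in a shared store (assumption: Redis or similar) or every replica grants the full limit by itself.
class SlidingWindowLimiter {
  private readonly limit: number;
  private readonly windowMs: number;
  private readonly now: () => number;
  private readonly hits: Map<string, number[]> = new Map();

  constructor(limit: number, windowMs: number, now: () => number = Date.now) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
  }

  check(key: string): LimitDecision {
    const t = this.now();
    const recent = (this.hits.get(key) || []).filter((ts) => t - ts < this.windowMs);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);
      // Oldest hit inside the window decides when the next attempt will be admitted.
      return { allowed: false, retryAfterSeconds: Math.ceil((recent[0] + this.windowMs - t) / 1000) };
    }
    recent.push(t);
    this.hits.set(key, recent);
    return { allowed: true, retryAfterSeconds: 0 };
  }
}

// Login throttle keyed on both the client address and the target account: one address cannot spray
// many accounts, and many addresses cannot hammer one account. Usernames are normalised so
// "Alice" and "alice " share a bucket.
class LoginThrottle {
  private readonly byIp: SlidingWindowLimiter;
  private readonly byAccount: SlidingWindowLimiter;

  constructor(byIp: SlidingWindowLimiter, byAccount: SlidingWindowLimiter) {
    this.byIp = byIp;
    this.byAccount = byAccount;
  }

  check(clientIp: string, username: string): LimitDecision {
    const ip = this.byIp.check('ip:' + clientIp);
    const acct = this.byAccount.check('acct:' + username.trim().toLowerCase());
    if (ip.allowed && acct.allowed) return ip;
    return { allowed: false, retryAfterSeconds: Math.max(ip.retryAfterSeconds, acct.retryAfterSeconds) };
  }
}

// Constructed limits for the example: 20 attempts per minute per address, 5 per minute per account.
function makeLoginThrottle(now: () => number = Date.now): LoginThrottle {
  return new LoginThrottle(new SlidingWindowLimiter(20, 60_000, now), new SlidingWindowLimiter(5, 60_000, now));
}
```

The `clientIp` passed in has to be the real client address: when the app sits behind a load balancer, take it from the proxy header only when the request actually arrived from that proxy, otherwise an attacker sets the header and gets a fresh bucket per request.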
Data Protection
Encryption, audit trails, and traceability
Sensitive data encrypted at rest with AES-256-GCM. All traffic encrypted in transit with TLS. Financial records carry HMAC signatures for tamper detection. Every action logged with actor, timestamp, and context.
AES-256-GCM encryption
OAuth tokens, TOTP secrets, and sensitive fields encrypted with random IV per record
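An added example covering both the encrypted TOTP secrets described under two-factor authentication and the per-record AES-256-GCM encryption here. It is not the platform's code: the master key, the record layout and the choice to bind the owning user's id into the ciphertext as additional authenticated data are assumptions. The TOTP half is a plain RFC 4226 / RFC 6238 implementation, so it can be checked against the RFC test vectors.

```typescript
import { createCipheriv, createDecipheriv, createHmac, randomBytes, timingSafeEqual } from 'node:crypto';

// Constructed 256-bit key for the example. In a deployment the key comes from a secret store or
// KMS and is never written to the same database as the ciphertexts.
const MASTER_KEY: Buffer = Buffer.alloc(32, 7);

// Stored per record: a fresh 96-bit nonce, the GCM tag and the ciphertext (three base64 columns).
interface EncryptedRecord { iv: string; tag: string; ct: string }

// AES-256-GCM with a random nonce per record. Reusing a nonce under one key breaks GCM entirely,
// which is why the nonce is generated here and not derived from anything the record already has.
// The owning userId goes in as AAD, so a ciphertext copied onto another user's row fails to decrypt.
function encryptSecret(plaintext: Buffer, userId: string, key: Buffer = MASTER_KEY): EncryptedRecord {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv: iv.toString('base64'), tag: cipher.getAuthTag().toString('base64'), ct: ct.toString('base64') };
}

// Throws if the tag does not verify: wrong key, wrong userId, or any modified byte.
function decryptSecret(rec: EncryptedRecord, userId: string, key: Buffer = MASTER_KEY): Buffer {
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'base64'));
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(Buffer.from(rec.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(rec.ct, 'base64')), decipher.final()]);
}

// HOTP (RFC 4226) with the SHA-1, 6-digit defaults that Google Authenticator and Authy use.
function hotp(secret: Buffer, counter: number, digits: number = 6): string {
  const msg = Buffer.alloc(8);                       // 64-bit big-endian counter
  msg.writeUInt32BE(Math.floor(counter / 0x100000000), 0);
  msg.writeUInt32BE(counter % 0x100000000, 4);
  const mac = createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;         // dynamic truncation
  const bin = ((mac[offset] & 0x7f) << 24) | (mac[offset + 1] << 16) | (mac[offset + 2] << 8) | mac[offset + 3];
  const code = String(bin % 10 ** digits);
  return '0'.repeat(digits - code.length) + code;
}

// TOTP (RFC 6238): HOTP over the number of 30-second steps since the Unix epoch.
function totp(secret: Buffer, unixSeconds: number, step: number = 30, digits: number = 6): string {
  return hotp(secret, Math.floor(unixSeconds / step), digits);
}

// Verify a submitted code against the stored encrypted secret: one step of clock drift each side,
// constant-time comparison, and no replay of a counter at or below the last one accepted.
// Returns the accepted counter (which the caller persists) or null.
function verifyTotp(rec: EncryptedRecord, userId: string, submitted: string, nowSeconds: number,
                    lastUsedCounter: number = -1): number | null {
  const secret = decryptSecret(rec, userId);
  const counter = Math.floor(nowSeconds / 30);
  for (const c of [counter - 1, counter, counter + 1]) {
    if (c < 0 || c <= lastUsedCounter) continue;
    const expected = Buffer.from(hotp(secret, c), 'utf8');
    const given = Buffer.from(submitted, 'utf8');
    if (expected.length === given.length && timingSafeEqual(expected, given)) return c;
  }
  return null;
}
```

The replay check matters more than it looks: without it, a code captured by a phishing page stays valid for the remainder of its 30-second step plus the drift window, which is plenty of time to relay it.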
TLS in transit
All API and web traffic encrypted via TLS — enforced by hosting infrastructure
HMAC-signed financial records
Financial audit logs use HMAC-SHA256 chain-linking for tamper detection
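An added example of HMAC-SHA256 chain-linking for an audit ledger; it is not the platform's own, and the entry shape, key handling and field names are assumptions. Each entry's MAC covers its own content plus the previous entry's MAC, so walking the chain from the first entry exposes any edit, deletion or reordering of the stored entries.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Constructed key for the example. In a deployment it comes from a secret store and is held by
// the service that writes the ledger, not by the database role that stores it.
const LEDGER_KEY: Buffer = Buffer.from('example-ledger-key-not-for-production', 'utf8');
const GENESIS_MAC = '0'.repeat(64);

interface LedgerEntry {
  seq: number;                       // position in the chain
  at: string;                        // ISO-8601 timestamp
  actor: string;                     // who did it
  event: string;                     // what happened
  payload: Record<string, unknown>;  // event-specific context
  prevMac: string;                   // MAC of the previous entry (GENESIS_MAC for the first)
  mac: string;                       // HMAC-SHA256 over everything above
}
type LedgerBody = Omit<LedgerEntry, 'mac'>;

// Sorted-key JSON, so the same logical entry always produces the same bytes under the MAC
// regardless of the key order a database driver or ORM hands back.
function stableStringify(v: unknown): string {
  if (Array.isArray(v)) return '[' + v.map(stableStringify).join(',') + ']';
  if (v !== null && typeof v === 'object') {
    const o = v as Record<string, unknown>;
    return '{' + Object.keys(o).sort().map((k) => JSON.stringify(k) + ':' + stableStringify(o[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

function macOf(body: LedgerBody, key: Buffer): string {
  return createHmac('sha256', key).update(stableStringify(body)).digest('hex');
}

// Append-only write: the new entry links back to the MAC of the current last entry.
function append(chain: LedgerEntry[], actor: string, event: string, payload: Record<string, unknown>,
                at: string, key: Buffer = LEDGER_KEY): LedgerEntry {
  const prevMac = chain.length > 0 ? chain[chain.length - 1].mac : GENESIS_MAC;
  const body: LedgerBody = { seq: chain.length, at, actor, event, payload, prevMac };
  const entry: LedgerEntry = { ...body, mac: macOf(body, key) };
  chain.push(entry);
  return entry;
}

// Walks the chain from the start and stops at the first entry whose MAC, sequence number or
// back-link is wrong. Edits, deletions and reorderings all surface as a break at some index.
function verifyChain(chain: LedgerEntry[], key: Buffer = LEDGER_KEY): { ok: boolean; firstBad: number | null } {
  let prevMac = GENESIS_MAC;
  for (let i = 0; i < chain.length; i++) {
    const { mac, ...body } = chain[i];
    const expected = Buffer.from(macOf(body, key), 'hex');
    const actual = Buffer.from(mac, 'hex');
    const macOk = expected.length === actual.length && timingSafeEqual(expected, actual);
    if (!macOk || body.seq !== i || body.prevMac !== prevMac) return { ok: false, firstBad: i };
    prevMac = mac;
  }
  return { ok: true, firstBad: null };
}

// Constructed sample: three financial events for one invoice.
function sampleLedger(): LedgerEntry[] {
  const chain: LedgerEntry[] = [];
  append(chain, 'u1', 'invoice.created', { invoice: 'INV-1001', amount: 1200, currency: 'GBP' }, '2024-05-01T09:00:00Z');
  append(chain, 'u2', 'invoice.approved', { invoice: 'INV-1001' }, '2024-05-01T10:15:00Z');
  append(chain, 'u1', 'payment.recorded', { invoice: 'INV-1001', amount: 1200 }, '2024-05-02T08:30:00Z');
  return chain;
}
```

Two limits worth knowing before relying on this. A chain says nothing about entries removed from the tail, since the remaining prefix still verifies; the usual fix is to record the latest MAC somewhere the writer cannot alter (a periodic export, a separate append-only store). And anyone holding the HMAC key can rewrite and re-sign the whole chain, so the key must be kept away from the roles that administer the database.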
Comprehensive audit logging
User actions, data changes, and system events logged with actor, timestamp, and context
File scanning
Uploaded files are scanned with ClamAV before download is permitted. Admin override for false positives.
GDPR
Data handling designed around GDPR principles
Data minimisation
Collect only what is necessary for the service. No speculative data gathering.
Configurable retention
Set retention periods per document type and data category. Expired data soft-deleted then cleaned up on schedule.
Data export requests
Staff and subject access requests processed asynchronously. JSON or CSV output with presigned download links (7-day expiry).
Consent tracking
Consent type, method, and timestamp recorded per user. Withdrawal tracked. Queryable for audit.
Right to erasure
Soft delete with scheduled cleanup. PII redacted from logs. Configurable per data category.
Privacy by design
Portal separation ensures staff, clients, and admins each see only data appropriate to their role. No accidental cross-exposure.
Operational Safeguards
Built for live operations, not just testing
Your platform is designed so that development tools, test data, and internal systems never interfere with real events or client work.
Development tools disabled in production
Test and development features are never active in live environments — eliminating the risk of accidental disruption.
Debug access tightly controlled
Sensitive diagnostic tools are restricted and only accessible under strict conditions.
Demo and test data isolated
Demo data cannot run in production unless explicitly enabled — ensuring real operations stay clean and accurate.
Internal systems protected
All internal processes are secured and validated before execution, preventing unauthorised access.
Health monitoring with access control
System health endpoints are protected and only available to authorised systems.
Compliance Direction
Where we are heading
We are building towards formal security certifications. This section describes our direction, not current certification status.
ISO 27001
Framework being built. ISMS control framework seeded with all 93 Annex A controls (ISO/IEC 27001:2022). Internal compliance tracking active. External certification not yet achieved.
GDPR compliance
Active. Data minimisation, retention controls, consent tracking, data export, right to erasure, and portal separation implemented in the platform.
Questions about security?
Contact our team to discuss security requirements, request documentation, or report a concern.

