🔐 Security
Our service is designed with a strong commitment to security, ensuring your data is protected at every level. This document provides an overview of the key security measures we have in place.
Secure infrastructure and architecture
Our platform is built on a modern technology stack and hosted within the secure Google Cloud Platform (GCP). The system is designed with a multi-tenant architecture, which guarantees that each company's data is strictly isolated and completely inaccessible to other companies using the service.
Authentication and access control
We provide you with full control over your team's access to the platform.
Self-service user management: Your designated administrators can directly manage your company's users (including creating, modifying, and deactivating accounts), ensuring only authorized personnel have access.
Role-based permissions: Access to data and features is strictly controlled based on user roles (e.g., administrator, standard user), ensuring users only see what they are supposed to.
Secure sessions: We use modern security tokens to manage user sessions, providing continuous and secure access.
Data protection and transmission
Encrypted communication: All data transmitted between your device and our servers is encrypted using the industry-standard HTTPS/TLS protocol, protecting it from interception.
Password security: User passwords are never stored in a readable format. We use a strong, one-way hashing algorithm to protect them.
Secure session handling: Session information is stored securely to prevent unauthorized access from client-side scripts in the browser.
Database security
Data isolation is enforced at the database level, making it structurally impossible for data to leak between different companies. Our database is hosted in a private, secure network with access strictly limited by network security policies.
Secure file storage
Private by design: All uploaded files are stored in a dedicated, private environment on Google Cloud Storage. By default, every file is completely inaccessible from the public internet, eliminating the risk of accidental data exposure.
Controlled access: Access to files is granted exclusively through our application via secure, time-limited links. This ensures that only authenticated users with the correct permissions can access files and prevents unauthorized sharing of permanent links.
Protection against common threats
SQL injection: Prevented by using modern and secure data access methods.
Cross-site scripting (XSS): Mitigated by properly sanitizing all data displayed to users.
Brute-force attacks: The system is protected through continuous monitoring and is supported by infrastructure capable of deploying advanced defense mechanisms, such as web application firewalls (e.g., Cloudflare), to prevent attacks.
Auditing and system monitoring
Audit trail and support: The platform maintains a comprehensive audit trail of user activities. Key events are visible directly in the user interface for day-to-day monitoring. For in-depth security investigations or specific compliance needs, more detailed logs can be provided by our support team.
Proactive monitoring: We utilize a robust monitoring and logging infrastructure to track system health and security events in real time. This allows us to rapidly detect and respond to any unusual activity or potential threats.
Data backup and recovery
We perform regular, automated backups of our database. These backups are stored securely with controlled access and are governed by a data retention policy to ensure we can restore service in case of an emergency.
Continuous security monitoring and updates
We are committed to maintaining a high level of security. Our process includes:
Regular updates: We consistently update our software components to protect against newly discovered vulnerabilities.
Automated scanning: We use automated tools to scan our code for potential security issues.
System monitoring: We monitor system logs to detect and respond to any suspicious activity.
Our web service is built in accordance with modern security standards. We ensure robust data isolation, employ secure authentication and encryption, and have designed our architecture to prioritize the safe storage, processing, and transmission of your data.