Authentication
- Email + password authentication with required email verification.
- Self-service tenant signup is disabled. New tenants are onboarded by enquiry.
- Password reset via verified email.
Authorisation
- Role-based access enforced at the database level using row-level security.
- Roles are stored in a dedicated table, never on the user profile.
- Client users only see their own organisation's data; consultants only see assigned requests.
- Internal notes and AI runs are never exposed to client users.
Data protection
- Evidence files stored in a private bucket; access via short-lived signed URLs.
- Database transport secured with TLS.
- Tenant data isolated by RLS policies on every table containing client data.
Audit
Status changes, approvals, role assignments and report issuance are recorded in an append-only audit log. Update and delete operations on the audit log are not permitted via the UI or API.
AI controls
- AI runs are scoped to the consultant who initiated them.
- AI output cannot bypass human review on the path to client release.
- Prompt templates are versioned; only approved versions are usable.
Known limitations
- Independent penetration testing has not yet been performed.
- Multi-factor authentication is not yet enabled by default.
- Server-side PDF export is not yet implemented; reports use the browser print path.
- Backup and restore procedures are inherited from the underlying platform; documented runbooks are pending.
Reporting a vulnerability
Please contact us via the contact page. Do not test attacks against tenant data you are not authorised to access.
