Batu Merah

Security

Security posture, controls and known limitations of the platform.

Authentication

  • Email + password authentication with required email verification.
  • Self-service tenant signup is disabled. New tenants are onboarded by enquiry.
  • Password reset via verified email.

Authorisation

  • Role-based access enforced at the database level using row-level security.
  • Roles are stored in a dedicated table, never on the user profile.
  • Client users only see their own organisation's data; consultants only see assigned requests.
  • Internal notes and AI runs are never exposed to client users.

Data protection

  • Evidence files stored in a private bucket; access via short-lived signed URLs.
  • Database transport secured with TLS.
  • Tenant data isolated by RLS policies on every table containing client data.

Audit

Status changes, approvals, role assignments and report issuance are recorded in an append-only audit log. Update and delete operations on the audit log are not permitted via the UI or API.

AI controls

  • AI runs are scoped to the consultant who initiated them.
  • AI output cannot bypass human review on the path to client release.
  • Prompt templates are versioned; only approved versions are usable.

Known limitations

  • Independent penetration testing has not yet been performed.
  • Multi-factor authentication is not yet enabled by default.
  • Server-side PDF export is not yet implemented; reports use the browser print path.
  • Backup and restore procedures are inherited from the underlying platform; documented runbooks are pending.

Reporting a vulnerability

Please contact us via the contact page. Do not test attacks against tenant data you are not authorised to access.