Sensible defaults. Server-side checks. Nothing about security depends on the UI hiding a button. Built to satisfy the privacy and consumer-protection frameworks of every jurisdiction we serve.
Every read, mutation and search is scoped server-side. Tenants never see another tenant's data - even if a URL is guessed, even if a primary key is enumerated. Scope is enforced at the controller layer, with database-level row filtering as a second line of defence.
Admin, staff and client roles enforced in application controllers, not just in the UI. Permission changes are reviewable and reversible. Staff can only see the products they're cleared for; clients see only their own tickets and assigned KB.
Rate-limited login attempts with progressive backoff. Password-reset tokens are single-use, time-limited, and resistant to enumeration. Failed login responses look identical regardless of whether the account exists.
TOTP-based 2FA for tenant admins and platform operators. Secrets are encrypted at rest. Backup codes are provided at enrolment so a lost authenticator never locks you out.
File extension and MIME-type validation on upload. Storage outside the web root. Downloads routed through authenticated, signed-URL endpoints. Direct attachment URLs return 403 even if guessed correctly.
Daily database backups, weekly attachment snapshots, encrypted offsite. Operator runbook for restoration tested quarterly. Cancellation includes a full data export in plain formats. Your data, your call.
We operate within the Pacific region. Tenant data is stored on AU/NZ-based infrastructure. Cross-border transfers honour Australian Privacy Principle 8 and NZ Information Privacy Principle 12, with equivalent contractual safeguards for Fiji, PNG and other Pacific jurisdictions.
Full action log per tenant with cross-tenant actor masking. Login + 2FA events tracked. Suspicious-pattern alerts to operators. Logs retained per statutory limits and configurable per tenant.
We can walk through the threat model, the audit log, the data-export process and anything else your compliance team needs to sign off.
