Security
Security you can explain to a CFO
Guardrails are built in to prevent abuse and keep costs stable while protecting tenant data.
- Tenant isolation
- RBAC enforced
- Rate limits + caps
- Hardened uploads
- Local agent security
Tenant isolation
Tenant boundaries are enforced server-side with claims, not user input.
- tenantId from JWT claims only
- No cross-tenant access patterns
Role-based access control
Permissions are enforced on the backend, not in the UI.
- Admin/manager/sales boundaries
- Audit logs for sensitive actions
Cost guardrails
We guard expensive operations with transactional controls.
- Rate limiting (minute/hour)
- Daily caps per tenant
- Kill switches for emergencies
Hardened uploads
Signed POST policies enforce limits at upload time, plus lifecycle cleanup.
- Type/size/path enforced
- Temp-file retention cleanup
Backups & recovery
Daily cloud backups plus optional encrypted local copies with retention.
- Bounded exports + max size
- Optional AES-256-GCM local encryption
- Restore tool with allowlists
Local agent security
The Store Ops Agent is designed to be safe on store PCs.
- Localhost only + strict CORS
- Constant-time API key compare
- Request size limits and download caps
Need a security walkthrough?
We'll review your workflows, permissions, backups, and operational risks end-to-end.