Tenant isolation by design
Postgres Row-Level Security on every operational table. Each request sets app.tenant_id with SET LOCAL, so cross-tenant reads are physically impossible at the database level.
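The following is an added example of the RLS-plus-SET LOCAL pattern described above; it is not MauriResources' schema. The table, the app_rw role and the tenant UUIDs are assumptions. It is meant to be run in psql as the schema owner (it creates a role) and carries two self-checks: a scoped transaction sees only its own tenant's row, and a statement that forgot SET LOCAL sees no rows at all rather than every tenant's rows.

```sql
-- Added example (not MauriResources' schema): per-request tenant scoping
-- with Row-Level Security and SET LOCAL. Names and UUIDs are assumptions.
CREATE TABLE employees (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    full_name text NOT NULL
);

-- The application connects as a role that is neither superuser nor table
-- owner: superusers always bypass RLS, and owners bypass it unless FORCE is set.
CREATE ROLE app_rw NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON employees TO app_rw;
GRANT USAGE ON SEQUENCE employees_id_seq TO app_rw;

ALTER TABLE employees ENABLE ROW LEVEL SECURITY;
ALTER TABLE employees FORCE ROW LEVEL SECURITY;

-- Fail closed. current_setting(..., true) returns NULL when the GUC was never
-- set and '' once a SET LOCAL has expired; ''::uuid would raise an error, and
-- NULL compared with anything is never true, so NULLIF makes both cases yield
-- zero rows instead of all rows. WITH CHECK rejects writes tagged with a
-- different tenant than the one the request is scoped to.
CREATE POLICY tenant_isolation ON employees
    FOR ALL TO app_rw
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

SET ROLE app_rw;

-- Per-request pattern: SET LOCAL only takes effect inside a transaction and is
-- discarded at COMMIT/ROLLBACK, so a pooled connection never carries one
-- tenant's id into the next request (a plain SET would persist on the session).
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO employees (tenant_id, full_name)
VALUES ('11111111-1111-1111-1111-111111111111', 'Alice Example');
COMMIT;

BEGIN;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';
INSERT INTO employees (tenant_id, full_name)
VALUES ('22222222-2222-2222-2222-222222222222', 'Bob Example');
-- Inserting a row tagged with tenant 1 here would fail the WITH CHECK clause
-- with "new row violates row-level security policy".
COMMIT;

-- Self-check 1: a request scoped to tenant 1 sees exactly its own row.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
DO $$
DECLARE n int;
BEGIN
  SELECT count(*) INTO n FROM employees;
  IF n <> 1 THEN RAISE EXCEPTION 'expected 1 row for tenant 1, got %', n; END IF;
END $$;
COMMIT;

-- Self-check 2: a statement that forgot SET LOCAL sees nothing, not everything.
DO $$
DECLARE n int;
BEGIN
  SELECT count(*) INTO n FROM employees;
  IF n <> 0 THEN RAISE EXCEPTION 'leak: unscoped query saw % rows', n; END IF;
END $$;

RESET ROLE;
```

Two things to verify in a real deployment follow from this: every table the application touches needs FORCE ROW LEVEL SECURITY if migrations and the app share an owner role, and the request middleware must open the transaction before issuing SET LOCAL, since outside a transaction block SET LOCAL only emits a warning and scopes nothing.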
Fernet-encrypted credential vault
Third-party HRIS API credentials (Zoho, BambooHR, SAP) are encrypted at rest with rotating Fernet keys. Decryption only happens inside the per-tenant scope and is audit-logged on every access.
Append-only audit log
Every sensitive action (impersonation, undo, integration access, plan change, statutory document issuance) writes a tamper-evident audit row visible to your admins.
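As an added example of a tamper-evident, append-only audit table of the kind described above (not MauriResources' own schema; the column names, role and sample rows are assumptions), the block below hash-chains each row to its predecessor, rejects UPDATE/DELETE/TRUNCATE with a trigger, and provides a verifier that re-walks the chain. It needs PostgreSQL 11 or later for the built-in sha256() and EXECUTE FUNCTION syntax.

```sql
-- Added example (not MauriResources' schema): a hash-chained, append-only
-- audit table. Names and the sample rows below are assumptions.
CREATE TABLE audit_log (
    id          bigserial PRIMARY KEY,
    tenant_id   uuid        NOT NULL,
    actor_id    uuid        NOT NULL,
    action      text        NOT NULL,
    detail      jsonb       NOT NULL DEFAULT '{}',
    occurred_at timestamptz NOT NULL DEFAULT now(),
    prev_hash   text        NOT NULL,  -- row_hash of the previous row, or 'GENESIS'
    row_hash    text        NOT NULL   -- sha256 over prev_hash and this row's fields
);

-- One canonical serialisation shared by the writer and the verifier.
-- jsonb::text is already canonical; the timestamp is rendered in UTC so
-- verification does not depend on the session's TimeZone setting.
CREATE FUNCTION audit_row_hash(prev text, rid bigint, tenant uuid, actor uuid,
                               act text, det jsonb, occurred timestamptz)
RETURNS text LANGUAGE sql STABLE AS $$
  SELECT encode(sha256(convert_to(concat_ws('|', prev, rid, tenant, actor, act,
      det::text, to_char(occurred AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS.US')),
      'UTF8')), 'hex')
$$;

CREATE FUNCTION audit_log_chain() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
  -- Serialise appenders: without this, two concurrent inserts can both read
  -- the same tail and chain to it, leaving a fork the verifier would flag.
  PERFORM pg_advisory_xact_lock(hashtext('audit_log_chain'));
  SELECT row_hash INTO NEW.prev_hash FROM audit_log ORDER BY id DESC LIMIT 1;
  NEW.prev_hash := coalesce(NEW.prev_hash, 'GENESIS');
  NEW.row_hash  := audit_row_hash(NEW.prev_hash, NEW.id, NEW.tenant_id,
                                  NEW.actor_id, NEW.action, NEW.detail, NEW.occurred_at);
  RETURN NEW;
END $$;

CREATE TRIGGER trg_audit_log_chain BEFORE INSERT ON audit_log
  FOR EACH ROW EXECUTE FUNCTION audit_log_chain();

-- Append-only: reject UPDATE, DELETE and TRUNCATE at statement level, on top
-- of never granting those privileges to the application role.
CREATE FUNCTION audit_log_immutable() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit_log is append-only (% rejected)', TG_OP
    USING ERRCODE = 'insufficient_privilege';
END $$;

CREATE TRIGGER trg_audit_log_immutable
  BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
  FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- Re-walk the chain: returns the id of the first row that does not verify,
-- or NULL when every link holds.
CREATE FUNCTION audit_log_verify() RETURNS bigint LANGUAGE plpgsql STABLE AS $$
DECLARE
  r        audit_log%ROWTYPE;
  expected text := 'GENESIS';
BEGIN
  FOR r IN SELECT * FROM audit_log ORDER BY id LOOP
    IF r.prev_hash <> expected
       OR r.row_hash <> audit_row_hash(r.prev_hash, r.id, r.tenant_id, r.actor_id,
                                       r.action, r.detail, r.occurred_at) THEN
      RETURN r.id;
    END IF;
    expected := r.row_hash;
  END LOOP;
  RETURN NULL;
END $$;

-- Constructed sample rows, inserted as two statements so the second sees the first.
INSERT INTO audit_log (tenant_id, actor_id, action, detail) VALUES
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
   'impersonation.start', '{"target_user": "u-42"}');
INSERT INTO audit_log (tenant_id, actor_id, action, detail) VALUES
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
   'integration.credentials_changed', '{"provider": "bamboohr"}');

-- Self-check: a fresh chain verifies, and a DELETE is rejected by the trigger.
DO $$
BEGIN
  IF audit_log_verify() IS NOT NULL THEN
    RAISE EXCEPTION 'fresh chain failed to verify';
  END IF;
  BEGIN
    DELETE FROM audit_log WHERE id = 1;
    RAISE EXCEPTION 'DELETE was not rejected';
  EXCEPTION WHEN insufficient_privilege THEN
    NULL;  -- expected: the append-only trigger fired
  END;
END $$;
```

The chain makes any edit to, or removal of, an interior row detectable by audit_log_verify(), because the next row's prev_hash no longer matches. It does not by itself detect trimming of the newest rows; for that, periodically copy the latest row_hash somewhere the database role cannot write (an off-site file or a separate store) and compare against it. A superuser can disable the triggers, which is precisely why the hash chain exists alongside them rather than instead of them.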
Step-up 2FA on dangerous endpoints
Email OTP + TOTP-backed step-up sessions are required for impersonation, bulk import commits, integration credential changes, and plan switches.
TLS 1.3 only · HSTS preload-eligible
Caddy auto-issues Let's Encrypt certificates with a 2-year HSTS header and the includeSubDomains + preload directives. No HTTP fallback is served.
Encrypted off-site backups
Nightly pg_dump streams through age (asymmetric encryption) into Backblaze B2. 7-day daily / 4-week weekly / 12-month monthly retention. Restore tested.
Sub-processors
MauriResources uses a small, well-known set of sub-processors. Cross-border transfers happen only with the consents you give at signup (DPA §36).
Reporting a vulnerability
Email [email protected] with the subject "Security report". We respond within one Mauritian business day and will not pursue action against good-faith research.
Read the full Privacy Notice