Security
How we protect customer data: encryption, isolation, access control, backups, monitoring, and incident response.
Effective since
1. Tenant isolation
Each customer is assigned a dedicated database. There is no shared "tenants table" pattern: a query in one customer's context cannot reach another customer's rows by mistake or by abuse, because the connection itself is bound to a single tenant database. Application code, file storage, cache namespaces, and broadcast channels are all tenant-scoped.
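To make the isolation model above concrete, here is an added illustration (not the platform's own code) of a request context that binds the database connection, cache namespace and broadcast channel to one tenant; the tenant registry, the `example.test` domain and the in-memory SQLite databases are constructed placeholders.

```python
import re
import sqlite3

# Constructed tenant registry: tenant id -> its own database. The real
# platform's mapping and domain are not given on the page; these are placeholders.
TENANT_DATABASES = {"acme": ":memory:", "globex": ":memory:"}
_HOST_RE = re.compile(r"^([a-z0-9-]+)\.example\.test$")
_CONNECTIONS: dict = {}


def resolve_tenant(host: str) -> str:
    """Map the request host to a tenant id; any unregistered host is refused."""
    m = _HOST_RE.match(host.strip().lower())
    if not m or m.group(1) not in TENANT_DATABASES:
        raise PermissionError(f"no tenant for host {host!r}")
    return m.group(1)


class TenantContext:
    """Every resource a request touches is derived from a single tenant id."""

    def __init__(self, tenant: str):
        self.tenant = tenant
        # One connection per tenant database: the connection itself is the
        # boundary, so there is no tenant_id column a query could omit.
        if tenant not in _CONNECTIONS:
            conn = sqlite3.connect(TENANT_DATABASES[tenant])
            conn.execute(
                "CREATE TABLE IF NOT EXISTS invoices (id INTEGER PRIMARY KEY, total REAL)"
            )
            _CONNECTIONS[tenant] = conn
        self.db = _CONNECTIONS[tenant]

    def cache_key(self, key: str) -> str:
        return f"{self.tenant}:{key}"          # cache namespace is tenant-scoped

    def channel(self, name: str) -> str:
        return f"tenant.{self.tenant}.{name}"  # broadcast channel is tenant-scoped


def handle_request(host: str, sql: str, params=()):
    """Run a query in the context of the tenant that owns the request host."""
    ctx = TenantContext(resolve_tenant(host))
    cur = ctx.db.execute(sql, params)
    ctx.db.commit()
    return cur.fetchall()
```

The same `SELECT` issued in a second tenant's context returns nothing, because that context never holds a connection to the first tenant's database.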
2. Encryption
- All traffic to and from the platform is encrypted with TLS 1.2+.
- HSTS is enforced on the production domain.
- Database backups are encrypted at rest.
- Sensitive credentials (2FA secrets, API tokens) are stored hashed or encrypted.
3. Authentication and access control
- Mandatory two-factor authentication (TOTP) for administrative roles.
- Granular role-based permissions: 528 fine-grained permissions across 18 roles.
- Per-action authorisation, not just per-page.
- Session timeout, secure-only cookies, CSRF protection on every state-changing request.
- Password reset rate-limited to prevent enumeration.
4. Audit and activity logging
Every create, update, and delete on operationally meaningful records is captured in the activity log with the actor, the changed fields, and a timestamp. Log retention is at least 24 months.
5. Backups and recovery
- Automated daily backups of every tenant database, retained for 30 days.
- Weekly long-term backups retained for 90 days.
- Backups stored encrypted, off the production server.
- Restore drills performed regularly to validate the restore path.
6. Application security
- Dependencies kept current; security advisories monitored.
- Output encoding by default in templates (XSS prevention).
- Prepared statements / ORM throughout (SQL injection prevention).
- Content-Security-Policy and other hardening headers in production.
- Honeypot routes detect and log automated scanners.
- Rate limits on login, password reset, and contact endpoints.
7. Infrastructure
- Production runs on hardened Linux with firewall and SSH key authentication only.
- Separate environments for development, staging, and production.
- Configuration secrets stored in environment variables, never in code.
8. Incident response
We maintain an internal incident response process. In the event of a security incident affecting customer data, we will notify affected customers without undue delay, and in any case within 72 hours of discovery, with the facts known at that time and the actions we are taking.
9. Reporting a vulnerability
Found a security issue? Please email [email protected] with the subject line "Security report" and as much detail as you can share. Please give us reasonable time to fix the issue before public disclosure. We do not pursue legal action against good-faith researchers.