Security at First Line Done
A compliance platform holds some of the most sensitive data your institution produces. We engineer security in at every layer — from infrastructure to access control.
Complete data isolation
Every institution's data is strictly separated at the application layer. Your tenant is resolved from your authenticated session — no identifier is ever exposed in the URL. One institution cannot see or touch another's records.
Immutable audit log
Every create, update, delete, and access action is logged with user identity, timestamp, IP address, and resource reference. Audit logs cannot be edited or deleted and are available to Compliance Managers at any time.
Multi-Factor Authentication
TOTP-based 2FA via any authenticator app. MFA is enforced automatically for all Compliance Manager and MLRO accounts. Backup codes are provided at setup for account recovery.
Role-Based Access Control
Six granular roles — Super Admin, Compliance Manager, MLRO, Analyst, Viewer, API User — with permissions enforced at every API endpoint. Least-privilege by default.
UK data residency — by default
First Line Done is deployed on Google Cloud Platform in the United Kingdom (europe-west2). All customer data is stored and processed within the UK. No cross-border transfers by default. Enterprise customers can discuss alternative residency requirements at security@firstlinedone.com.
More security details
JWT Authentication
Short-lived access tokens plus long-lived refresh tokens, signed with HS256 and validated on every request. Token expiry is configurable per institution.
Rate Limiting
API rate limiting (100 req/min default, 200 req/min burst) at the infrastructure layer protects against abuse, brute-force, and credential-stuffing attacks.
Password Security
Passwords hashed with bcrypt. Time-limited password reset tokens sent by email. SSO users are issued passwordless accounts — credentials are managed entirely by your IdP.
HTTPS Everywhere
All traffic encrypted in transit via TLS 1.2+. HTTPS enforced at the load balancer layer with HSTS headers and automatic certificate rotation.
Database Security
MySQL with application-level row isolation. SQL injection protection via parameterised ORM queries. Connection pooling with pre-ping health checks. Backups encrypted at rest.
API Key Management
API keys for server-to-server integration are SHA-256 hashed at rest and scoped to the issuing institution. Keys can be revoked instantly from the developer console.
SAML 2.0 Single Sign-On
Enterprise: Connect to Okta, Microsoft Entra ID, Google Workspace, or any SAML 2.0 identity provider. JIT provisioning creates user accounts on first SSO login.
SCIM 2.0 Automated Provisioning
Enterprise: Let your IdP manage the user lifecycle. When IT removes a user from the app, their FLD account is immediately deactivated — no manual intervention required.
Found a vulnerability?
Please disclose responsibly to security@firstlinedone.com. We aim to acknowledge all reports within 24 hours.