Row-Level Security on every tenant table
Every table that holds customer or supplier data enforces PostgreSQL Row-Level Security. Access is scoped to the caller's organization and role at the database layer, not just in application code.
Role-based access control
Roles are stored in a dedicated user_roles table and evaluated by a security-definer function. Roles are never stored on user profiles, eliminating a common privilege-escalation vector.
Portal isolation
Customer and supplier portal users are structurally excluded from staff-only SELECT policies. Cross-tenant leakage is enforced at the database level.
Tamper-evident activity log
Every state change writes to an append-only activity_logs table with actor, entity, action and timestamp. The log powers audit exports for customs and finance.
MCP OAuth 2.1
The Model Context Protocol server authenticates agents via OAuth 2.1 authorization-code with PKCE, scoped by tool. Tokens are short-lived and organization-bound.
Encrypted transport and storage
TLS 1.2+ in transit, AES-256 at rest via the managed database provider. Secrets are stored server-side and never shipped to the browser.
URL and content sanitization
All user-provided URLs (POD photos, RFQ attachments, catalogue links) are validated server-side against an http(s)-only allow-list and rendered through a safeHref guard.
Continuous scanning
We run automated security and dependency scans on every deploy. Findings are triaged into a public backlog and resolved on a defined SLA by severity.
Report a vulnerability
If you believe you have found a security issue, please email mail@sojibahmmed.com with a description, reproduction steps and any proof-of-concept. Do not publicly disclose the issue until we have had 90 days to respond. We do not currently operate a paid bounty program, but every valid report is acknowledged and credited.