Security & trust
Built for compliance, including our own.
Multi-tenant isolation, Microsoft Entra SSO with MFA enforced on every account, encryption at rest and in transit, UK data residency (UK South + UK West backups), and GDPR-aligned processing.
We treat security like a product feature, not a checkbox. Filovera is built on the same Azure primitives you'd use to run a regulated workload of your own.
The pillars of our trust posture
Each one is documented in our trust packet (available under NDA). The full controls catalogue is published in our Information Security Policy.
Read the policy: /legal/information-security-policy. Covers governance, risk management, access control, cryptography, operations, supplier security, incident management, business continuity, and compliance.
Multi-tenant isolation
Every customer gets a logically isolated tenant. Tenant isolation is enforced through query filters that apply automatically to every database read, scoped to the authenticated tenant claim. Foundational tests fail loudly the moment a query forgets the tenant filter.
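To make the isolation mechanism concrete, here is an added example in Python that is not Filovera's own code (the page does not state the stack): every read goes through a tenant-scoped data-access layer that injects the tenant id from the verified session claim, and a guard function walks the query catalogue and fails the build the moment a query omits the tenant predicate. The table layout, query names and sqlite3 stand-in database are all constructed for illustration.

```python
import re
import sqlite3

# A query counts as tenant-scoped only if it binds the session's tenant claim by name.
TENANT_PREDICATE = re.compile(r"\btenant_id\s*=\s*:tenant_id\b", re.IGNORECASE)

# Constructed query catalogue: the named reads the application is allowed to run.
# One deliberately forgets the tenant filter so the guard has something to catch.
QUERIES = {
    "assets_by_site": "SELECT id, name FROM assets WHERE tenant_id = :tenant_id AND site = :site ORDER BY id",
    "open_inspections": "SELECT id FROM inspections WHERE tenant_id = :tenant_id AND status = 'open' ORDER BY id",
    "all_assets_unscoped": "SELECT id, name FROM assets ORDER BY id",  # missing tenant filter
}


def missing_tenant_filter(queries=QUERIES):
    """Foundational test: names of catalogued queries that lack the tenant predicate."""
    return sorted(name for name, sql in queries.items() if not TENANT_PREDICATE.search(sql))


class TenantScopedDb:
    """All reads are scoped to one tenant, taken from the authenticated claim."""

    def __init__(self, conn, tenant_id):
        self.conn = conn
        self.tenant_id = tenant_id  # from the verified session, never from request input

    def fetch(self, name, **params):
        sql = QUERIES[name]
        if not TENANT_PREDICATE.search(sql):
            # Fail loudly at runtime too, in case an unscoped query slips past the test.
            raise RuntimeError(f"query {name!r} is not tenant-scoped; refusing to run it")
        if "tenant_id" in params:
            raise ValueError("tenant_id comes from the session claim, not the caller")
        return self.conn.execute(sql, {**params, "tenant_id": self.tenant_id}).fetchall()


def build_sample_db():
    """Constructed two-tenant dataset in an in-memory sqlite3 database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE assets (id INTEGER PRIMARY KEY, tenant_id TEXT, site TEXT, name TEXT);
        CREATE TABLE inspections (id INTEGER PRIMARY KEY, tenant_id TEXT, status TEXT);
        INSERT INTO assets VALUES (1, 'acme', 'hq', 'Boiler'), (2, 'acme', 'depot', 'Lift'),
                                  (3, 'globex', 'hq', 'Crane');
        INSERT INTO inspections VALUES (10, 'acme', 'open'), (11, 'globex', 'open'), (12, 'acme', 'closed');
        """
    )
    return conn


if __name__ == "__main__":
    db = TenantScopedDb(build_sample_db(), "acme")
    print("unscoped queries:", missing_tenant_filter())
    print("acme hq assets:", db.fetch("assets_by_site", site="hq"))
```

Wiring `missing_tenant_filter()` into the test suite as an assertion that it returns an empty list is what makes a forgotten filter a failing build rather than a data leak found later.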
Microsoft Entra ID SSO
Sign-in uses Microsoft Entra ID with PKCE. MFA is enforced on every sign-in by Conditional Access on the Filovera identity tenant. No opt-in, no plan gate. Professional and Enterprise customers can additionally federate to their own Entra tenant and layer their own Conditional Access on top; talk to sales to enable. No shared service accounts, no orphaned access.
Microsoft sign-in by default. MFA on every account, every plan
Every user signs in with their Microsoft account via Entra External ID. First factor is either an existing Microsoft password or a one-time email code; second factor is a one-time code sent to the user's verified email address. MFA is enforced by Conditional Access on the Filovera identity tenant, required on every account, on every plan, including Starter trials. No Filovera password to set or steal, no SMS in the loop. Enterprise customers can additionally layer their own Entra Conditional Access on top to add device compliance, trusted-network rules, or stricter session policies. Session integrity is verified on every API call via signed JWTs with short expiry.
Encryption at rest and in transit
TLS 1.2+ in transit on every request. Encryption at rest via Microsoft-managed keys (Azure Postgres Flexible Server data encryption + Storage SSE), with strict per-tenant data isolation enforced at the application layer.
UK data residency: UK South + UK West
All inspection data, photos, signatures, and certificates live in Microsoft Azure UK South (London). Database records and blob attachments are asynchronously geo-replicated to Azure UK West for regional disaster recovery. Both are UK-sovereign Microsoft datacentres. We never replicate data outside the UK without your explicit consent.
GDPR-aligned by design
Soft-delete with 30-day restore window. Per-tenant data export to JSON. Hard-delete after retention with blob cleanup and a tamper-evident ledger entry. Customer data hosted in Azure UK South with geo-replicated backups in UK West.
Tamper-evident audit log
Every meaningful action (sign-in, asset edit, inspection submit, certificate export) is recorded with actor, timestamp, and IP, on an append-only log. Writes happen for every tenant; in-dashboard search and filter is gated to Professional+.
Auditor pack verification
TenantAdmin can generate a single tamper-evident PDF that bundles completed inspections, the matching audit-log slice, and a cryptographic verification block. The auditor or insurer follows the printed verification URL to independently re-check the chain. No Filovera login required for them. (Professional and Enterprise.)
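The page does not say how the verification block is built, so the following is an added example in Python, not Filovera's code, that assumes the simplest construction matching the description: an append-only log whose entries (actor, action, IP, timestamp) are hash-chained with SHA-256, and an auditor pack that ships a slice of the log together with the hash it chains from and the hash it ends at, so a third party can recompute the chain without access to the live log. Event data and IP addresses are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the very first entry


def entry_hash(prev_hash, entry):
    """Hash of an entry bound to its predecessor; canonical JSON so re-checks are reproducible."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()


class AuditLog:
    """Append-only log: entries are only ever added, never edited or removed."""

    def __init__(self):
        self._entries = []  # list of (entry dict, chain hash)

    def append(self, actor, action, ip, ts):
        prev = self._entries[-1][1] if self._entries else GENESIS
        entry = {"seq": len(self._entries), "actor": actor, "action": action, "ip": ip, "ts": ts}
        chain_hash = entry_hash(prev, entry)
        self._entries.append((entry, chain_hash))
        return chain_hash

    def __len__(self):
        return len(self._entries)

    def auditor_pack(self, start, end):
        """Slice [start, end) plus its verification block: the anchor it chains from and the head it ends at."""
        end = min(end, len(self._entries))
        anchor = self._entries[start - 1][1] if start > 0 else GENESIS
        return {
            "anchor": anchor,
            "entries": [dict(e) for e, _ in self._entries[start:end]],
            "head": self._entries[end - 1][1],
        }


def verify_pack(pack):
    """Independent re-check: recompute the chain from the anchor and compare with the stated head."""
    h = pack["anchor"]
    for entry in pack["entries"]:
        h = entry_hash(h, entry)
    return h == pack["head"]


def build_sample_log():
    """Constructed sample events; addresses come from documentation ranges."""
    log = AuditLog()
    log.append("ana@example.com", "sign-in", "203.0.113.10", "2025-01-06T08:00:00Z")
    log.append("ana@example.com", "asset.edit", "203.0.113.10", "2025-01-06T08:05:00Z")
    log.append("ben@example.com", "inspection.submit", "198.51.100.7", "2025-01-06T09:30:00Z")
    log.append("ana@example.com", "certificate.export", "203.0.113.10", "2025-01-06T10:00:00Z")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    pack = log.auditor_pack(1, 3)
    print("pack verifies:", verify_pack(pack))
    pack["entries"][0]["ip"] = "192.0.2.1"
    print("after tampering:", verify_pack(pack))
```

Any edit, reorder or deletion inside the slice changes the recomputed head, which is what makes the pack tamper-evident; the anchor and head hashes are the only values the verifier needs from the operator, and publishing the head (for example in the PDF) is what stops the operator from quietly re-issuing a different history later.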
Multi-tenant identity (one user, many organisations)
A user (typically a consultant or contractor) can be a member of several customer organisations on Filovera. The org switcher issues a fresh tenant-scoped session every time they switch; refresh tokens from the previous tenant are revoked on the spot, and database-level query filters guarantee no row from a different tenant is ever returned.
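The per-call session check described under "MFA on every account, every plan" and the org-switch behaviour above, as an added example in Python that is not Filovera's code: access tokens are signed JWTs with a tenant claim and a short expiry, verified on every request; refresh tokens are opaque, bound to one tenant and revocable server-side; switching organisation revokes the previous refresh token before a fresh tenant-scoped session is issued. HS256 with a constructed key stands in for the identity provider's signing keys, and the 15-minute lifetime is an assumed value (the page only says "short expiry"). Users and tenant names are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SESSION_TTL = 15 * 60  # assumed short access-token lifetime
SIGNING_KEY = b"constructed-demo-key-not-for-production"  # constructed; a real IdP uses its own keys


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_session(user, tenant, now=None):
    """Issue an HS256 JWT carrying the tenant claim ("tid") and a short expiry."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": user, "tid": tenant, "iat": now, "exp": now + SESSION_TTL}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_session(token, now=None):
    """Run on every API call: return the claims if signature and expiry hold, otherwise None."""
    now = int(time.time() if now is None else now)
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


class SessionStore:
    """Refresh tokens are opaque, bound to one tenant, and revocable server-side."""

    def __init__(self):
        self._memberships = {}  # user -> set of tenants the user belongs to
        self._refresh = {}      # refresh token -> (user, tenant)

    def add_membership(self, user, tenant):
        self._memberships.setdefault(user, set()).add(tenant)

    def sign_in(self, user, tenant, now=None):
        if tenant not in self._memberships.get(user, set()):
            raise PermissionError(f"{user} is not a member of {tenant}")
        refresh = secrets.token_urlsafe(32)
        self._refresh[refresh] = (user, tenant)
        return mint_session(user, tenant, now), refresh

    def switch_org(self, refresh_token, new_tenant, now=None):
        """Org switcher: revoke the previous tenant's refresh token, then issue a fresh tenant-scoped session."""
        entry = self._refresh.get(refresh_token)
        if entry is None:
            raise PermissionError("unknown or already-revoked refresh token")
        user, _previous_tenant = entry
        if new_tenant not in self._memberships.get(user, set()):
            raise PermissionError(f"{user} is not a member of {new_tenant}")
        del self._refresh[refresh_token]  # revoked on the spot, before the new session exists
        return self.sign_in(user, new_tenant, now)

    def refresh_is_valid(self, refresh_token):
        return refresh_token in self._refresh


if __name__ == "__main__":
    store = SessionStore()
    store.add_membership("ana", "acme")
    store.add_membership("ana", "globex")
    access, refresh = store.sign_in("ana", "acme")
    print("tenant on first session:", verify_session(access)["tid"])
    access, refresh2 = store.switch_org(refresh, "globex")
    print("tenant after switch:", verify_session(access)["tid"], "old refresh valid:", store.refresh_is_valid(refresh))
```

The API layer reads the tenant from the verified `tid` claim only, and passes it to the tenant-scoped data layer; a token whose payload is swapped for another tenant's fails the signature check, and an expired one is rejected without ever consulting the database.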
Point-in-time backup, drilled quarterly
Azure Postgres Flexible Server with point-in-time restore (PITR) over a 7-day rolling window and geo-redundant backup replicated UK South → UK West. We don't trust untested backups. The restore drill is run every quarter against a throwaway server and the result is published to our internal disaster-recovery runbook. RTO target ~4 hours, RPO target ~1 hour.
Responsible disclosure
Found something? Email security@filovera.com. We acknowledge reports promptly and credit researchers who would like to be named.
Reporting a vulnerability
If you've found a security issue in Filovera, here's how to tell us.
Email security@filovera.com with a clear description of the issue and the steps to reproduce it. Screenshots, request/response captures, or a short screen recording are welcome. Use a private host you control. We don't accept attachments at the inbox.
We acknowledge every report within 1 business day and provide a fix-or-status update weekly until the issue is resolved or formally closed. Where a fix is shipped, we'll confirm the build that contains it so you can verify.
Public disclosure: please coordinate the timing with us. Our standard window is 90 days from a confirmed fix, earlier by mutual agreement, longer for active exploitation cases.
We don't currently operate a paid bug-bounty programme. Acknowledgment in our security advisories is offered for novel, high-impact findings.
Machine-readable contact details follow RFC 9116 at /.well-known/security.txt.