Security

Built to keep your
business isolated and honest.

Ozmosoft runs eight solutions on one shared ledger, which means isolation and integrity are not features bolted on — they are how the platform is put together. Here is exactly how, in plain English.

Tenant isolation, enforced at the database

Every business runs in its own isolated space. Isolation is not left to application code alone — it is enforced by PostgreSQL Row-Level Security.

  • A two-pool architecture: the application connects on a non-superuser role that cannot bypass row-level security (NOBYPASSRLS), with FORCE ROW LEVEL SECURITY on every tenant-scoped table.
  • Each request is pinned to exactly one organisation via a per-request database setting; policies fail closed, so a query with no tenant context returns nothing.
  • Our cross-tenant test sweep passed 51/51: 12 attempts to read another tenant’s data returned “not found”, and 13 attempts to write across tenants were denied.

Role-based access control on every action

Reading and changing data is gated by role. This is verified structurally, not by convention.

  • Every state-changing endpoint carries an explicit role/permission gate, a guard, or is deliberately public — never accidentally open.
  • A continuous-integration invariant walks the live route tree and fails the build if any mutating route is missing its access-control gate.
  • Super-admin (platform operator) actions require a separate, short-lived elevated session protected by two-factor authentication.

Secrets encrypted at rest

Credentials you connect — email, bank feeds, payment and accounting integrations — are encrypted before they touch the database.

  • Integration and platform secrets are stored as AES-256-GCM encrypted envelopes, decrypted only in memory at the moment they are used.
  • Secret values are masked on read in the admin console and are never written to logs.

Sessions & transport

Authentication is designed to keep tokens out of reach of scripts and eavesdroppers.

  • Sessions use httpOnly, Secure, SameSite cookies in production, so tokens are not exposed to page JavaScript.
  • All traffic is served over TLS. The platform is hosted in AWS Sydney (ap-southeast-2).

Backups & recovery

Your data is backed up and the restore path is tested — not assumed.

  • Nightly logical database backups are age-encrypted and shipped to object storage in the Sydney region.
  • The restore procedure is documented and has been exercised in a restore drill.

Financial integrity

The ledger is the source of truth, and it is kept honest by construction.

  • Every money movement posts a balanced double-entry journal; the trial balance nets to zero.
  • The audit trail is append-only — history is recorded, not overwritten.

An honest note on certifications

We do not currently hold third-party attestations such as SOC 2 or ISO 27001, and we will not claim ones we don’t have. What we can show you is the concrete engineering above — much of it independently exercised in our own go-live certification. If your organisation needs specific compliance evidence, get in touch and we’ll walk you through what exists today and what’s on the roadmap.