Security at Axentra.
You're trusting us with the operational truth of your business. We treat that like infrastructure: isolated, encrypted, least privilege, and auditable by default.
Tenant isolation
Every workspace is isolated at the data layer. Queries are tenant-scoped, not just gated at the API, so one tenant can never read another's data.
Encryption everywhere
TLS for everything in transit; data encrypted at rest. Secrets are managed out of band and never shipped to the client.
Role-based access
Granular permissions from Owner to Viewer. Frontline staff capture; only managers approve. SSO and granular roles on Enterprise.
Append-only ledger
Inventory and revenue corrections are append-only and attributable. Capture writes no stock; only an approval posts to the ledger.
Fail-closed validation
Inputs are validated against strict, tenant-scoped rules. Path traversal, wrong tenant, or malformed requests fail closed before any read.
No client-trusted I/O
Files are read via short-TTL presigned GETs of our own objects, never client-supplied URLs (no SSRF), and the storage layout is never exposed.
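A sketch of the fail-closed, tenant-scoped check described above, as an added example that is not Axentra's code. The key layout `tenants/<tenant_id>/`, the allowlist patterns, and the function names are assumptions made for illustration.

```python
import posixpath
import re

# Assumed for illustration: objects live under "tenants/<tenant_id>/", and a
# request names a file by a relative path of at most MAX_DEPTH segments.
TENANT_ID = re.compile(r"[a-z0-9]{4,32}")
SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
MAX_DEPTH = 4


class Rejected(Exception):
    """The request failed a check; nothing may be read."""


def resolve_key(session_tenant, requested_tenant, name):
    """Map a client-supplied name to a server-side key, or raise Rejected."""
    try:
        if not TENANT_ID.fullmatch(session_tenant):
            raise Rejected("malformed tenant")
        # The tenant comes from the authenticated session, never the request.
        if requested_tenant != session_tenant:
            raise Rejected("wrong tenant")
        segments = name.split("/")
        if not 1 <= len(segments) <= MAX_DEPTH:
            raise Rejected("malformed name")
        # Allowlist per segment: excludes "..", "", "%", ":", "\\" and NUL,
        # so traversal, encoded traversal and URLs never reach the join.
        if not all(SEGMENT.fullmatch(s) for s in segments):
            raise Rejected("malformed name")
        prefix = f"tenants/{session_tenant}/"
        key = prefix + "/".join(segments)
        # Defense in depth: the key must already be normalized and in-prefix.
        if posixpath.normpath(key) != key or not key.startswith(prefix):
            raise Rejected("escapes tenant prefix")
        return key
    except Rejected:
        raise
    except Exception as exc:  # wrong type, unexpected error: deny, not allow
        raise Rejected("validation error") from exc


def is_allowed(session_tenant, requested_tenant, name):
    """Boolean wrapper: True only when every check passed."""
    try:
        resolve_key(session_tenant, requested_tenant, name)
        return True
    except Rejected:
        return False
```

Only a key returned by `resolve_key` would be handed to the presigning step, so the client never supplies a URL or sees the storage layout.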