Security & Compliance

Your data is isolated, encrypted, and auditable.

Effigate is built for organisations where data security isn't optional. Schema-level tenant isolation, AES-256 encryption, IP firewalling, and immutable audit logs are standard — not add-ons.

  • AES-256: Encryption at Rest
  • TLS 1.2+: Encryption in Transit
  • GDPR: Compliance Ready
  • 99.9%: Uptime SLA

Data Encryption

Encrypted at rest and in transit — always

All data stored in Effigate databases is encrypted at rest using AES-256 block encryption. This includes tenant schemas, attachments, time logs, invoice data, contract terms, and all user-generated content.

All network communication between your browser and Effigate infrastructure is encrypted via TLS 1.2 or higher. We enforce HTTPS-only access and use HSTS headers to prevent downgrade attacks.

  • AES-256-GCM: Database encryption at rest for all tenant data
  • TLS 1.2+: All network traffic — no HTTP fallback permitted
  • HSTS: HTTP Strict Transport Security enforced site-wide
  • Encrypted file storage: Attachments encrypted independently of database
  • Key management: Encryption keys rotated on a scheduled policy

Encryption Coverage

Database Records 100%
File Attachments 100%
API Communication 100%
Backup Archives 100%

Note on application-layer encryption: Sensitive fields (API keys, webhook secrets, integration credentials) are encrypted at the application layer using an additional application-level key before database storage. This provides defence-in-depth beyond database-level encryption.

Tenant Resolution Flow

  • Request: GET /acme-corp/dashboard
  • Middleware: InitializeTenancyByPath → tenant_slug = acme-corp
  • DB Switch: USE tenant_acme_corp (isolated schema)
  • Auth Check: auth()->guard("web") → TenantUser in tenant DB
  • Response: Data served exclusively from tenant_acme_corp

Tenant Isolation

Schema-level isolation — not row-level filters

Row-level security relies on every query correctly applying a tenant filter. A single missed WHERE clause exposes data across tenants. Effigate avoids this entirely by giving each tenant its own database schema.

The tenancy middleware switches the active database connection to the correct tenant schema before any query executes. It is architecturally impossible to return another tenant's data without deliberately bypassing the tenancy middleware.

✗ Row-level filters

Risk: missed WHERE = data leak

✓ Schema-per-tenant

No filter = empty result, not another tenant
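
The contrast above, as an added example that is not Effigate's code: the same unfiltered query is run against a shared table and against a tenant-scoped connection chosen by a path-based resolver. Python with in-memory SQLite databases stands in for the tenant schemas; the function names, the slug pattern and the sample rows are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample data: two tenants, one invoice each.
SAMPLE = {"acme-corp": ["ACME-001"], "globex": ["GLX-001"]}
# Assumed slug format: lowercase letters and digits separated by hyphens.
SLUG_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")


def build_shared():
    """Row-level model: one table, a tenant_id column on every row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (tenant_id TEXT, number TEXT)")
    for slug, numbers in SAMPLE.items():
        db.executemany("INSERT INTO invoices VALUES (?, ?)",
                       [(slug, n) for n in numbers])
    return db


def build_per_tenant():
    """Schema-per-tenant model: one isolated database per registered slug."""
    registry = {}
    for slug, numbers in SAMPLE.items():
        db = sqlite3.connect(":memory:")
        db.execute("CREATE TABLE invoices (number TEXT)")
        db.executemany("INSERT INTO invoices VALUES (?)", [(n,) for n in numbers])
        registry[slug] = db
    return registry


def resolve_tenant(path, registry):
    """Middleware step: map /<slug>/... to a tenant connection, or refuse."""
    slug = path.strip("/").split("/")[0]
    # The slug is attacker-controlled path input: validate it and look it up
    # in the registry instead of building a schema name from it directly.
    if not SLUG_RE.fullmatch(slug) or slug not in registry:
        raise LookupError("unknown tenant")
    return registry[slug]


def list_invoices_buggy_shared(db, tenant_slug):
    # Defect under demonstration: the tenant filter was forgotten.
    return sorted(r[0] for r in db.execute("SELECT number FROM invoices"))


def list_invoices_per_tenant(path, registry):
    # Same unfiltered query, but the connection is already tenant-scoped.
    db = resolve_tenant(path, registry)
    return sorted(r[0] for r in db.execute("SELECT number FROM invoices"))
```

The guarantee rests on the resolver: a request that reaches a query without passing through it, or a slug mapped to the wrong connection, is the remaining way for data to cross tenants.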

Access controls at every layer

From network-level IP firewalling to application-level permission gates, Effigate enforces access at every point in the stack.

IP Firewall

Configure per-tenant IP allowlists and blocklists. Firewall rules are evaluated before tenancy initialisation — blocked IPs never reach application code.

RBAC — Tenant Level

Owner, Admin, Manager, Member roles with fine-grained permission gates. Settings access is Owner/Admin only. Role changes are audit-logged.

RBAC — Project Level

Project Owner, Manager, Contributor, Reviewer, Observer roles. Each role restricts what work items are visible and what actions are permitted.

Client User Isolation

Client users access a separate portal with a dedicated auth guard. They cannot see internal notes, rate cards, SLA formulas, or team-internal data.

API Token Scopes

Per-tenant API tokens carry explicit scopes (read-only, read-write, or resource-specific). A token cannot access data the owning user cannot access.

Password Policy

Configurable minimum length, complexity, rotation interval, and breach detection per tenant. Enforced at registration and on every password change.

Audit Trails

Immutable records — every significant event captured

Effigate maintains append-only audit logs for all security-relevant and business-critical events. Logs are timestamped, actor-attributed, and cannot be deleted by tenant users — including Owners.

For organisations subject to regulatory review, Effigate's audit logs provide the evidence trail needed to demonstrate control. Export is available via the API or admin UI.

  • API authentication events (success, failure, revocation)
  • User role changes and permission grants
  • Invoice issuance, payment, and dispute events
  • SLA timer events (start, pause, breach, resolution)
  • Time log lock events (immutable after lock window)
  • Contract amendment history with before/after state
  • File attachment uploads and downloads
  • Settings changes (billing, security, integrations)

Immutability Guarantees

Time Logs

Locked after configurable window (default: 3 days). Cannot be edited or deleted after lock.

Issued Invoices

Immutable after issuance. Corrections require a credit note, preserving the full ledger history.

Audit Log Entries

Append-only. No tenant role can delete or modify audit log records.

SLA Events

Timer events are append-only. The full SLA timeline for any ticket is permanently preserved.
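
One way to enforce the append-only property described above at the storage layer, as an added example that is not Effigate's implementation: database triggers reject every UPDATE and DELETE on the audit table, so the refusal does not depend on application role checks. The table layout, trigger names and the sample actor are assumptions; SQLite is used so the example runs offline.

```python
import sqlite3
from datetime import datetime, timezone


def open_audit_db():
    """Create an audit table whose rows can be inserted but never changed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE audit_log (
            id    INTEGER PRIMARY KEY AUTOINCREMENT,
            at    TEXT NOT NULL,   -- UTC timestamp
            actor TEXT NOT NULL,   -- who performed the action
            event TEXT NOT NULL    -- what happened
        );
        CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
        BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
        CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
        BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
    """)
    return db


def record(db, actor, event):
    """Append one timestamped, actor-attributed entry."""
    at = datetime.now(timezone.utc).isoformat()
    db.execute("INSERT INTO audit_log (at, actor, event) VALUES (?, ?, ?)",
               (at, actor, event))
    db.commit()


def attempt(db, sql):
    """Return True if the statement was applied, False if the store refused it."""
    try:
        db.execute(sql)
        db.commit()
        return True
    except sqlite3.DatabaseError:
        db.rollback()
        return False


def entries(db):
    """Return (actor, event) pairs in insertion order."""
    return list(db.execute("SELECT actor, event FROM audit_log ORDER BY id"))
```

Triggers only hold while the application's database role cannot drop them, so that role should not carry DDL rights on the audit table.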

GDPR & Compliance

GDPR readiness built into the platform

For organisations operating in the EU or handling EU residents' data, Effigate provides the controls needed to demonstrate GDPR compliance.

Right of Access

Users can request a full export of their personal data via the API or admin request.

Right to Erasure

Account deletion workflows remove personal data from active databases following GDPR deletion rules.

Data Minimisation

Effigate collects only the data required for the service. Optional fields are clearly marked.

Consent Logging

Consent events are timestamped and stored. Marketing opt-in/out is independently tracked.

DPA Available

A Data Processing Agreement (DPA) is available for Enterprise customers on request.

Breach Notification

Effigate maintains an incident response policy with 72-hour breach notification procedures.

Infrastructure overview

Effigate's infrastructure is designed for reliability, scalability, and compliance.

Hosting

Cloud-hosted on enterprise-grade infrastructure. Dedicated infrastructure available for Enterprise plans.

Backups

Automated daily database backups. Backup archives are encrypted and stored in a separate region.

Recovery

Point-in-time recovery available. RTO and RPO targets defined per service tier.

Monitoring

Continuous uptime monitoring with alerting. Incident history and status page available.

Hosting regions and data residency

Enterprise customers often need clarity about where their tenant data is hosted, where backups are stored, and how region selection affects support and compliance. Effigate treats hosting region decisions as part of the trust model, not as hidden operational detail.

During onboarding, tenants can align their workspace with the infrastructure region that best matches their contractual or regulatory requirements. Backups are encrypted separately and retained according to the service tier, with recovery handled through documented operational procedures rather than ad hoc restoration work.

  • Primary hosting region selected during onboarding for enterprise plans
  • Backup archives stored separately from primary runtime infrastructure
  • Data transfers across regions are controlled through explicit operational processes
  • Tenant-specific hosting discussions supported during enterprise procurement

Infrastructure trust signals

Region-aware deployment planning

Enterprise onboarding can align tenant hosting with residency expectations.

Encrypted backup handling

Backup archives remain encrypted and operationally separated from runtime systems.

Documented recovery process

Recovery is handled through explicit runbooks and service procedures, not ad hoc admin action.

Incident handling policy

1. Detect and isolate

Operational monitoring or user reports trigger triage, containment, and impact assessment.

2. Investigate and recover

Teams analyse logs, restore service safely, and preserve evidence for post-incident review.

3. Notify and document

Affected stakeholders are informed according to contractual and regulatory obligations, including GDPR timelines when relevant.

4. Review and improve

The incident becomes an input into control improvement, process refinement, and future prevention work.

Incident handling that supports enterprise review

Security posture is defined not only by prevention, but by how quickly and clearly an organisation responds when something goes wrong. Effigate maintains an incident-handling policy focused on containment, evidence preservation, stakeholder communication, and post-incident improvement.

That policy matters for procurement reviews because enterprise buyers need to know the platform has a credible response process for outages, access incidents, and service-impacting failures. The same auditability principles that support delivery also support incident investigation and communication.

  • Operational monitoring and alerting for service-impacting conditions
  • Evidence-preserving investigation workflow for security and platform incidents
  • Structured communication path for affected tenants and compliance contacts
  • Post-incident review focused on root cause, corrective action, and policy updates

Security FAQ

Common questions from security review teams and DPOs.

Effigate uses AES-256-GCM encryption for all data at rest and TLS 1.2+ for all data in transit. Encryption keys are managed per-environment and rotated on a scheduled policy. Sensitive application-layer fields (API keys, webhook secrets) are encrypted with a separate application-level key for defence-in-depth.

No. Effigate uses a schema-per-tenant database architecture. Each tenant has their own isolated database schema — there are no shared tables between tenants. The tenancy middleware switches the active database connection before any query executes, making cross-tenant data access architecturally impossible without bypassing the middleware chain.

Effigate maintains an incident response policy that includes: immediate threat isolation, forensic investigation, notification to affected tenants within 72 hours (GDPR), regulatory disclosure as required, and a post-incident review. The exact procedure is documented in the DPA available for Enterprise customers.

Effigate is GDPR-ready. The platform provides data export, right-to-erasure workflows, consent logging, data minimisation practices, and a Data Processing Agreement (DPA) for Enterprise customers. We can provide a completed DPIA template and security questionnaire response on request.

Upon account cancellation, tenant data is retained for a configurable grace period (default: 30 days) to allow for data export. After the grace period, the tenant schema is permanently deleted. Backups containing the tenant's data are retained per the backup retention policy and then purged.

Effigate conducts periodic internal security reviews and penetration testing. Security findings are triaged by severity and remediated per our vulnerability management policy. Enterprise customers can request security review documentation and vulnerability disclosure summaries.

Security review needed? We're ready.

Our enterprise team can provide security questionnaire responses, DPA documentation, infrastructure specifications, and penetration test summaries to support your procurement process.