Security & Trust
Boring security. On purpose.
We treat your data the way we'd want our own data treated — and your customers' data the way you would. Here's exactly how that's enforced in the stack.
Tenant isolation at the driver level
Every Mongo query is auto-stamped with your companyId via our tenantScopePlugin. A query that disagrees throws CROSS_TENANT_QUERY before it can hit the database. There is no shared collection.
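To make the tenant-stamping behaviour concrete, here is an added, illustrative query guard in plain JavaScript. It is not Corpera's tenantScopePlugin and stands in for a Mongoose-style pre-query hook with an in-memory collection; the function names, the CROSS_TENANT_QUERY error shape and the sample documents are assumptions constructed for the example.

```javascript
// Added example (not the product's own code): a tenant-scoping query guard.
// It models the rule described above: every filter is stamped with the
// session's companyId, and a filter that already names a different companyId
// is rejected before anything reaches the database.

class CrossTenantQueryError extends Error {
  constructor(expected, got) {
    super(`CROSS_TENANT_QUERY: filter names companyId ${JSON.stringify(got)}, session is ${expected}`);
    this.code = 'CROSS_TENANT_QUERY';
  }
}

// Return a copy of `filter` scoped to `sessionCompanyId`. Throws if the caller
// tried to query another tenant, including via an operator object such as
// { companyId: { $in: [...] } }, which never equals the session string.
function scopeToTenant(filter, sessionCompanyId) {
  if (typeof sessionCompanyId !== 'string' || sessionCompanyId === '') {
    throw new Error('no tenant in session');
  }
  const scoped = { ...(filter || {}) };
  if ('companyId' in scoped && scoped.companyId !== sessionCompanyId) {
    throw new CrossTenantQueryError(sessionCompanyId, scoped.companyId);
  }
  scoped.companyId = sessionCompanyId;
  return scoped;
}

// Stand-in for a Mongoose pre('find') hook: every read passes through
// scopeToTenant first, so there is no code path that reads unscoped.
function makeTenantScopedCollection(docs) {
  return {
    find(filter, sessionCompanyId) {
      const scoped = scopeToTenant(filter, sessionCompanyId);
      return docs.filter((d) => Object.keys(scoped).every((k) => d[k] === scoped[k]));
    },
  };
}

// Constructed sample data: two tenants sharing one collection.
const sampleEmployees = makeTenantScopedCollection([
  { _id: 1, companyId: 'acme', name: 'Ada' },
  { _id: 2, companyId: 'acme', name: 'Grace' },
  { _id: 3, companyId: 'globex', name: 'Linus' },
]);

// Usage: a session for 'acme' sees only acme rows, and an explicit attempt to
// read 'globex' data throws CROSS_TENANT_QUERY instead of returning nothing.
```

The point of the guard is that a query that silently returns the wrong tenant's rows is indistinguishable from a correct one in logs, whereas an exception is loud, testable, and easy to alert on.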
Encryption in transit and at rest
TLS 1.2+ across every endpoint with HSTS. MongoDB Atlas storage encrypted at rest with AWS KMS. Secrets pulled from a vault, never committed.
RBAC with 60+ granular permissions
Workforce members get exactly the permissions they need; admins are wildcards. Every mutation is gated by a permission check in middleware — not in the controller body where a forgotten guard could leak.
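As an added illustration of "gate in middleware, not in the controller body", the following Express-style example is not Corpera's code: the permission names, the wildcard convention, the route paths and the tiny dispatcher (used here instead of a real Express app so the block runs stand-alone) are all assumptions.

```javascript
// Added example (not the product's own code): permission checks as middleware.
// The handler is only reachable through requirePermission(), so forgetting a
// guard inside the handler is not a possible failure mode.

const ADMIN_WILDCARD = '*'; // assumed convention: admins hold '*'

function hasPermission(member, permission) {
  if (!member || !Array.isArray(member.permissions)) return false;
  return member.permissions.includes(ADMIN_WILDCARD) || member.permissions.includes(permission);
}

// Express-style middleware factory: deny with 403 unless req.member holds the permission.
function requirePermission(permission) {
  return function guard(req, res, next) {
    if (!hasPermission(req.member, permission)) {
      res.status(403).json({ error: 'FORBIDDEN', required: permission });
      return; // deliberately never calls next()
    }
    next();
  };
}

// Route table: every mutation is registered with its guard in front of the handler.
function buildRoutes() {
  const routes = new Map();
  const mount = (method, path, ...handlers) => routes.set(`${method} ${path}`, handlers);
  mount('POST', '/payroll/runs', requirePermission('payroll:write'),
    (req, res) => res.status(201).json({ ok: true }));
  mount('PATCH', '/members/role', requirePermission('members:role:update'),
    (req, res) => res.status(200).json({ ok: true }));
  return routes;
}

// Minimal dispatcher standing in for Express so the chain can be exercised offline.
function dispatch(routes, method, path, member) {
  const handlers = routes.get(`${method} ${path}`);
  if (!handlers) return { status: 404, body: null };
  const req = { member };
  const res = {
    statusCode: 200, body: null,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return { status: res.statusCode, body: res.body };
}
```

Because the guard is attached at registration time, a reviewer can audit authorization by reading the route table alone, without opening each handler.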
Force-logout + token-version epoch
Issued JWTs carry a tokenVersion. Bumping the version invalidates every active session for that member across every device and surface, instantly. Managers use this to revoke access on termination.
Immutable audit log
Payroll changes, role updates, permission edits, exports, force-logouts — every sensitive mutation lands in an append-only AuditLog collection with actor, IP, before/after diff, and timestamp.
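To show what "append-only with a before/after diff" looks like in code, here is an added example that is not the product's AuditLog implementation: an in-memory log whose only write operation is record(), whose entries are frozen, and whose diff is computed field by field. The entry fields and the sample payroll change are constructed for the example.

```javascript
// Added example (not the product's own code): an append-only audit log with diffs.

// Compute a per-field before/after diff; unchanged fields are omitted.
function diffRecords(before, after) {
  const keys = new Set([...Object.keys(before || {}), ...Object.keys(after || {})]);
  const changes = {};
  for (const k of keys) {
    const b = before ? before[k] : undefined;
    const a = after ? after[k] : undefined;
    if (JSON.stringify(b) !== JSON.stringify(a)) changes[k] = { before: b, after: a };
  }
  return changes;
}

// The returned object exposes record() and a read-only view only: there is
// deliberately no update or delete, and each entry is frozen once written.
function createAuditLog(clock = () => new Date().toISOString()) {
  const entries = [];
  return {
    record({ actorId, ip, action, before, after }) {
      if (!actorId || !action) throw new Error('actorId and action are required');
      const entry = Object.freeze({
        seq: entries.length + 1,
        at: clock(),
        actorId,
        ip,
        action,
        diff: Object.freeze(diffRecords(before, after)),
      });
      entries.push(entry);
      return entry;
    },
    entries: () => entries.slice(), // copy, so callers cannot splice the underlying array
  };
}
```

In a real deployment the same shape would back a collection whose application role has insert-only privileges, so the append-only property is enforced by the database as well as by the code.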
Defence in depth
Per-IP rate limits on every auth + public route. SSRF-safe outbound calls. Content Security Policy with frame-ancestors 'none' on the dashboards. Strict CORS allowlist on the API.
Where we are on certifications
We're honest about what's done and what isn't. If a compliance line item matters to you, it's worth a 10-min call.
Found a vulnerability?
Email security@corperahq.com with a description and (if you have one) a reproduction. We acknowledge within 24h, triage within 72h, and credit responsible disclosure in the release notes.
Please don't share details publicly until we've shipped the fix.