Security at FinVeil

AES-256-GCM with per-field authenticated encryption. All PII (names, salary amounts, bank details) is encrypted individually, not just at the disk level. Each ciphertext carries its own authentication tag, ensuring tamper detection at the field level.

OAuth2/JWT with short-lived access tokens (60 min) and 7-day refresh tokens. Row-level security isolates tenants — no employer can ever read another employer's data. Role-based access control enforces three tiers: ADMIN, HR_MANAGER, and VIEWER.

Rate limiting, input validation, and OWASP Top 10 hardening on every endpoint. All API keys are hashed at rest. Webhook payloads are HMAC-SHA256 signed so recipients can verify authenticity and integrity.

Every data access and mutation is logged with user ID, IP address, timestamp, and action. Logs are retained for 12+ months. The audit trail is append-only with integrity verification — entries cannot be modified or deleted.

Hosted on Railway's infrastructure. PostgreSQL with TLS in transit. See Railway's compliance documentation for infrastructure certifications. Infrastructure is monitored and patched continuously.

Designed to POPIA requirements; compliance programme under ongoing legal review. Consent is tracked per employee. The platform supports the right to access, correct, and delete personal information. For full details, see our POPIA Compliance page.