Security & Trust
What protects your data today —
and what's still on the roadmap.
We publish our design accuracy including the misses; we describe our security posture the
same way. Everything marked live below is operating today. Everything marked roadmap is in
progress — we won't claim it until it's real.
Last updated June 10, 2026
Operating today
Dedicated authentication realm Live
- Customer portal accounts live in their own authentication system, fully separate from our internal
operations accounts — a customer credential has no standing anywhere else, and vice versa.
- Passwords are stored as salted PBKDF2 hashes; repeated failed logins trigger lockout throttling;
sessions expire automatically and use a scoped session cookie.
- Access is request-based: every account is individually approved by an administrator before first
sign-in, and password reset uses one-time tokens.
Tiered, server-side access control Live
- Four role tiers — viewer < engineer < manager < admin — enforced on the server before
any request is handled, never just hidden in the UI.
- Design-changing actions require engineer or above; design approval requires manager or above; user
management and audit access are admin-only.
- Every product page requires a valid session. The rule is default-deny: any request without a
session is redirected to sign-in unless the path is on the explicit allowlist of public marketing pages.
Audit logging Live
- Logins, user changes, approvals, data exports, and denied write attempts are recorded in an
append-only audit log (who, what, when), reviewable by administrators.
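The tiered access control described above and the audit entries for denied writes come together in one server-side gate. The block below is an added example for this page, not the portal's implementation: the route paths, the handler bodies, the public allowlist and the user names are assumed, and the audit log is a plain in-memory list that only ever grows. `run_demo()` sends constructed requests through the gate and returns the responses together with what was logged.

```python
import time
from enum import IntEnum


class Role(IntEnum):
    """The four tiers, ordered so a higher tier satisfies any lower requirement."""
    VIEWER = 1
    ENGINEER = 2
    MANAGER = 3
    ADMIN = 4


class AuditLog:
    """Append-only record of (who, what, when): nothing here edits or deletes."""

    def __init__(self, clock=time.time):
        self._entries: list[dict] = []
        self._clock = clock

    def record(self, who: str, what: str) -> None:
        self._entries.append({"who": who, "what": what, "when": self._clock()})

    def entries(self) -> tuple:
        return tuple(self._entries)   # read-only view for administrators


# Hypothetical handlers; only reached after dispatch() has checked session and role.
def list_designs(req):    return "designs for " + req["session"]["user"]
def edit_design(req):     return "edited"
def approve_design(req):  return "approved"
def manage_users(req):    return "user list"
def read_audit(req):      return "audit entries"

# Assumed route table: path -> (minimum role, handler). Anything not listed here and
# not on the public allowlist is denied.
ROUTES = {
    "/designs":         (Role.VIEWER,   list_designs),
    "/designs/edit":    (Role.ENGINEER, edit_design),
    "/designs/approve": (Role.MANAGER,  approve_design),
    "/admin/users":     (Role.ADMIN,    manage_users),
    "/admin/audit":     (Role.ADMIN,    read_audit),
}
PUBLIC_ALLOWLIST = {"/", "/pricing", "/security"}   # assumed marketing paths
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def dispatch(request: dict, audit: AuditLog) -> tuple[int, str]:
    """Server-side gate run before any handler. Returns (status, body)."""
    path, method = request["path"], request.get("method", "GET")
    session = request.get("session")           # None when no valid session cookie
    if path in PUBLIC_ALLOWLIST:
        return 200, "public"
    if session is None:                        # default-deny: everything else needs a session
        return 302, "/sign-in?next=" + path
    if path not in ROUTES:
        return 404, "not found"                # unknown paths stay behind sign-in
    min_role, handler = ROUTES[path]
    if session["role"] < min_role:
        if method in WRITE_METHODS:            # a denied write is an audit event
            audit.record(session["user"], f"denied {method} {path}")
        return 403, "forbidden"
    if method in WRITE_METHODS:                # approvals, user changes and other writes
        audit.record(session["user"], f"{method} {path}")
    return 200, handler(request)


def run_demo() -> tuple[list, tuple]:
    """Constructed requests exercising each branch; returns (responses, audit entries)."""
    audit = AuditLog(clock=lambda: 1_700_000_000.0)   # fixed clock for a repeatable run
    viewer   = {"user": "vera", "role": Role.VIEWER}
    engineer = {"user": "eli",  "role": Role.ENGINEER}
    manager  = {"user": "mia",  "role": Role.MANAGER}
    admin    = {"user": "ada",  "role": Role.ADMIN}
    requests = [
        {"path": "/pricing"},                                                 # public, no session
        {"path": "/designs"},                                                 # private, no session
        {"path": "/designs",         "session": viewer},
        {"path": "/designs/edit",    "method": "POST", "session": viewer},    # denied write
        {"path": "/designs/approve", "method": "POST", "session": engineer},  # denied write
        {"path": "/designs/approve", "method": "POST", "session": manager},
        {"path": "/admin/audit",     "session": manager},                     # denied read
        {"path": "/admin/audit",     "session": admin},
    ]
    return [dispatch(r, audit) for r in requests], audit.entries()
```

The ordering in `dispatch()` is the point: the allowlist is consulted first and is the only way to reach a handler without a session, the role comparison happens before the handler is ever called, and the audit record is written on the server at the moment of denial rather than from anything the client reports.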
Encryption in transit Live
- All portal traffic is served exclusively over TLS (HTTPS).
- Internal replication and backup transfers run over encrypted channels.
Backups & recovery Live
- Nightly backups of databases, customer designs, and configuration to a separate system, transferred
over an encrypted channel, with multi-day retention and documented restore procedures.
Customer data handling Live
- Each design-partner account works in its own access-controlled workspace; an account sees only its
own designs and activity.
- Self-service data export of your account record and activity; deletion requests are queued, processed
by an administrator, and confirmed back to you.
- Your boundaries, designs, and as-builts are treated as confidential and are not used to benefit other
customers without a de-identified-feedback agreement you sign explicitly.
In progress — stated as such
SOC 2 Program underway
A SOC 2 readiness program is underway, scoped to Security, Availability, and Confidentiality, on the
standard path of readiness → audit → Type II report. We are not yet SOC 2 certified and do not claim
to be. Ask us for current program status during procurement.
Enterprise hosting & isolation roadmap Roadmap
- Migration to managed cloud infrastructure with encryption at rest, managed key handling, and
per-tenant storage isolation.
- SSO/SAML for enterprise identity providers.
- Independent penetration testing and recurring vulnerability scanning as part of the SOC 2 window.
Until those land we deliberately run a small, NDA-bound design-partner
program rather than open multi-tenant onboarding — the honest way to operate at our current stage.
Responsible disclosure
Found a vulnerability? Report it through our contact form and flag it “security.” We
acknowledge reports within 2 business days and will keep you informed through remediation. Good-faith
research is welcome; please don't access data that isn't yours.