Security in the code, not on a slide.
We sell compliance. We hold ourselves to the same standard we sell to. Below: the eight controls enforced in the platform today — architectural, not aspirational.
What's enforced today.
Each of these is a real check in the codebase — not a slide.
Tenant isolation, server-side
Every query, retrieval, and AI tool call is bound to the calling organization via server-side context. The LLM cannot see another customer's data — and cannot supply or override the org_id even if asked.
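The binding described above, shown as an added illustration rather than Effy's own code: the organization comes from a server-side request context populated by the auth layer, the data-access function merges that value into every query after any caller-supplied filter, and the tool wrapper strips any tenant field the model tries to pass. `RequestContext`, `ToolRegistry`, `search_records` and the in-memory `RECORDS` list are all hypothetical, constructed for the example.

```python
"""Server-side tenant binding for AI tool calls (illustrative, not Effy's code).

Hypothetical pieces: RequestContext (filled from the session, never the request
body), an in-memory RECORDS list standing in for the database, and a
ToolRegistry that wraps each tool so the model can never choose the tenant.
"""
from dataclasses import dataclass
from typing import Any, Callable

# Constructed sample data: records belonging to two different organizations.
RECORDS = [
    {"_id": 1, "org_id": "org-a", "title": "Access review Q1"},
    {"_id": 2, "org_id": "org-a", "title": "Vendor risk: payroll"},
    {"_id": 3, "org_id": "org-b", "title": "Incident 2024-07"},
]


@dataclass(frozen=True)
class RequestContext:
    """Populated by the auth layer from the authenticated session."""
    org_id: str
    user_id: str


def find_records(ctx: RequestContext, query: dict[str, Any]) -> list[dict[str, Any]]:
    """Data access: the org filter is merged in here, after the caller's query,
    so a caller-supplied org_id can never replace the session's."""
    bound = {**query, "org_id": ctx.org_id}  # server-side value wins
    return [r for r in RECORDS if all(r.get(k) == v for k, v in bound.items())]


class ToolRegistry:
    """Tools exposed to the model. Tenant fields in model-supplied args are dropped."""

    TENANT_FIELDS = frozenset({"org_id", "tenant_id"})

    def __init__(self) -> None:
        self._tools: dict[str, Callable[..., Any]] = {}
        self.rejected: list[tuple[str, str]] = []  # (tool, field) attempts, for logging

    def register(self, name: str, fn: Callable[..., Any]) -> None:
        self._tools[name] = fn

    def call(self, ctx: RequestContext, name: str, model_args: dict[str, Any]) -> Any:
        """Invoke a tool. `ctx` comes from the server; `model_args` from the LLM."""
        if name not in self._tools:
            raise KeyError(f"unknown tool {name!r}")
        clean: dict[str, Any] = {}
        for key, value in model_args.items():
            if key in self.TENANT_FIELDS:
                # The model tried to pick a tenant: drop the field, record the attempt.
                self.rejected.append((name, key))
                continue
            clean[key] = value
        return self._tools[name](ctx, **clean)


def search_records(ctx: RequestContext, title_contains: str = "") -> list[str]:
    """Example tool: search titles within the calling organization only."""
    rows = find_records(ctx, {})
    return [r["title"] for r in rows if title_contains.lower() in r["title"].lower()]


def build_registry() -> ToolRegistry:
    reg = ToolRegistry()
    reg.register("search_records", search_records)
    return reg


def demo() -> tuple[list[str], list[tuple[str, str]]]:
    """The model asks for org-b's data while the session belongs to org-a."""
    reg = build_registry()
    ctx = RequestContext(org_id="org-a", user_id="u-1")
    result = reg.call(ctx, "search_records", {"org_id": "org-b", "title_contains": ""})
    return result, reg.rejected


if __name__ == "__main__":
    print(demo())
```

The design point is that the tenant filter lives in the data-access function, not in the tool: a new tool that forgets to filter still cannot leak across organizations, and the `rejected` list gives the audit trail a record of every attempt by the model to name a tenant.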
AWS Bedrock via STS AssumeRole
AI inference runs on AWS Bedrock (Claude Sonnet 4.5) accessed via STS AssumeRole — no shared API keys, no third-party prompt proxies. Embeddings use Titan v2.
AuditLog on every mutation
Every change writes a row to an append-only AuditLog with actor, timestamp, and action. Every Effy AI tool call is logged centrally.
AUDITOR role at the data layer
Read-only enforced in the database, not just the UI. Auditors view, comment, and submit reviews — but cannot edit a record, accidentally or otherwise.
Immutable PolicyVersion
When a policy is published, a PolicyVersion record locks. Drafts and approved-but-unpublished content stay separate so an auditor sees what was published, when, and by whom.
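The three data-layer controls above (the append-only AuditLog, the AUDITOR role refused at the data layer, and the locked PolicyVersion) in one added illustration that is not Effy's code: every write passes through a single gate that refuses auditors and appends an audit row, the log object exposes no update or delete, and a published version is a frozen snapshot that a later draft cannot touch. `Role`, `Actor`, `AuditLog`, `PolicyRepo` and the sample policy text are hypothetical.

```python
"""Data-layer controls, illustrative only and not Effy's code: an append-only
AuditLog written on every mutation, an AUDITOR role refused at the repository
rather than in the UI, and a PolicyVersion frozen once published while the
draft stays editable. Role, Actor, AuditLog and PolicyRepo are hypothetical."""
from dataclasses import FrozenInstanceError, dataclass
from datetime import datetime, timezone
from enum import Enum


class Role(Enum):
    ADMIN = "ADMIN"
    EDITOR = "EDITOR"
    AUDITOR = "AUDITOR"

@dataclass(frozen=True)
class Actor:
    user_id: str
    role: Role

@dataclass(frozen=True)
class AuditEntry:
    actor: str
    timestamp: datetime
    action: str
    target: str

class AuditLog:
    """Append-only: append() is the only write; there is no update or delete."""
    def __init__(self) -> None:
        self._rows: list[AuditEntry] = []

    def append(self, actor: Actor, action: str, target: str) -> None:
        self._rows.append(AuditEntry(actor.user_id, datetime.now(timezone.utc), action, target))

    def rows(self) -> tuple[AuditEntry, ...]:
        return tuple(self._rows)  # callers get an immutable view

@dataclass(frozen=True)
class PolicyVersion:
    """Locked snapshot: what was published, when, and by whom."""
    policy_id: str
    version: int
    body: str
    published_by: str
    published_at: datetime

class ReadOnlyRoleError(PermissionError):
    pass

class PolicyRepo:
    def __init__(self, audit: AuditLog) -> None:
        self.audit = audit
        self.drafts: dict[str, str] = {}                  # policy_id -> draft body
        self.versions: dict[str, list[PolicyVersion]] = {}

    def _mutation(self, actor: Actor, action: str, target: str) -> None:
        """Every write passes here: auditors are refused, all other writes are logged."""
        if actor.role is Role.AUDITOR:
            raise ReadOnlyRoleError(f"{actor.user_id} is AUDITOR; {action} refused")
        self.audit.append(actor, action, target)

    def save_draft(self, actor: Actor, policy_id: str, body: str) -> None:
        self._mutation(actor, "policy.draft.save", policy_id)
        self.drafts[policy_id] = body

    def publish(self, actor: Actor, policy_id: str) -> PolicyVersion:
        self._mutation(actor, "policy.publish", policy_id)
        history = self.versions.setdefault(policy_id, [])
        version = PolicyVersion(policy_id, len(history) + 1, self.drafts[policy_id],
                                actor.user_id, datetime.now(timezone.utc))
        history.append(version)
        return version


def demo() -> dict:
    """Editor publishes v1, keeps drafting; auditor tries to write and is refused."""
    audit = AuditLog()
    repo = PolicyRepo(audit)
    editor = Actor("u-editor", Role.EDITOR)
    auditor = Actor("u-auditor", Role.AUDITOR)
    repo.save_draft(editor, "pol-1", "Passwords rotate every 90 days.")  # constructed text
    v1 = repo.publish(editor, "pol-1")
    repo.save_draft(editor, "pol-1", "Passwords rotate every 60 days.")  # v1 unaffected
    try:
        repo.save_draft(auditor, "pol-1", "tampered")
        auditor_blocked = False
    except ReadOnlyRoleError:
        auditor_blocked = True
    try:
        v1.body = "edited after publish"
        version_locked = False
    except FrozenInstanceError:
        version_locked = True
    return {
        "v1_body": repo.versions["pol-1"][0].body,
        "draft_body": repo.drafts["pol-1"],
        "auditor_blocked": auditor_blocked,
        "version_locked": version_locked,
        "audit_actions": [r.action for r in audit.rows()],
    }


if __name__ == "__main__":
    print(demo())
```

Note that the refused auditor write leaves no audit row because the gate raises before appending; a deployment that wants to record refused attempts as well would log them under a separate action before raising.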
Encryption in transit and at rest
TLS 1.2+ for all in-transit traffic. AES-256 encryption at rest via the underlying managed services. Backups encrypted with the same standards.
Role-based access control
Nine production roles enforced server-side on every API route. Frontend gates are UX only; the security guarantee is in the API layer. MFA and SSO supported.
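Route-level enforcement of the kind described above, as an added illustration rather than Effy's code: a small dispatcher standing in for the web framework, where each route is registered with the roles allowed to reach it and the role is read from the server-side session principal, so a client that claims a role in a header gets nothing for it. `Principal`, `Request`, `route` and the two sample paths are hypothetical, and the role names are a subset chosen for the example.

```python
"""Server-side RBAC on every API route, illustrative only (not Effy's code).

Hypothetical pieces: Principal (resolved from the session store by auth
middleware), Request (with headers the client controls), and a route()
decorator that makes the role check part of registering a handler.
"""
from dataclasses import dataclass
from functools import wraps
from typing import Any, Callable, Optional


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str  # set by the server from the session, never from the request


@dataclass
class Request:
    path: str
    headers: dict[str, str]          # attacker-controlled; never consulted for authz
    principal: Optional[Principal]   # None when unauthenticated


ROUTES: dict[str, Callable[[Request], dict[str, Any]]] = {}


def route(path: str, allowed: frozenset[str]):
    """Register a handler reachable only for the listed roles."""
    def deco(fn: Callable[[Request], dict[str, Any]]):
        @wraps(fn)
        def guarded(req: Request) -> dict[str, Any]:
            if req.principal is None:
                return {"status": 401}
            if req.principal.role not in allowed:
                return {"status": 403}
            return fn(req)
        ROUTES[path] = guarded
        return guarded
    return deco


@route("/api/policies", frozenset({"ADMIN", "EDITOR", "AUDITOR"}))
def list_policies(req: Request) -> dict[str, Any]:
    return {"status": 200, "body": ["pol-1"]}  # constructed response


@route("/api/policies/publish", frozenset({"ADMIN", "EDITOR"}))
def publish_policy(req: Request) -> dict[str, Any]:
    return {"status": 200, "body": "published"}


def dispatch(req: Request) -> dict[str, Any]:
    """Only handlers registered through route() exist, so every path is guarded."""
    handler = ROUTES.get(req.path)
    if handler is None:
        return {"status": 404}
    return handler(req)


def demo() -> list[int]:
    auditor = Principal("u-aud", "AUDITOR")
    spoof = {"X-Role": "ADMIN"}  # client claims ADMIN; the session role still wins
    return [
        dispatch(Request("/api/policies", spoof, auditor))["status"],
        dispatch(Request("/api/policies/publish", spoof, auditor))["status"],
        dispatch(Request("/api/policies/publish", {}, None))["status"],
        dispatch(Request("/api/policies/publish", {}, Principal("u-ed", "EDITOR")))["status"],
    ]


if __name__ == "__main__":
    print(demo())
```

The frontend can hide the publish button for auditors, but that is presentation only; the 403 above is what a direct API call against the route receives regardless of what the client sends.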
Hosted on AWS
All production infrastructure runs on AWS managed services with vendor-attested compliance posture. MongoDB Atlas for primary data, S3 for evidence storage.
Have a security questionnaire?
Email security directly. We turn around standard responses in two business days.