Enterprise-Grade Security

ComplyShield is built from the ground up with security-first architecture. Your compliance data deserves the same level of protection you apply to your own clients.

Infrastructure

Single-Tenant Isolation

Every client gets a fully isolated instance with a dedicated database. No shared tenancy, no data commingling, no cross-tenant risk.

Dedicated Database

Each instance runs on its own PostgreSQL database with complete data isolation.

Encrypted at Rest

All data encrypted using AES-256 encryption at the storage level.

Encrypted in Transit

All connections secured with TLS 1.3. No unencrypted traffic allowed.

Docker Containers

Containerised deployment ensures consistent, reproducible, and isolated environments.

Your Instance: dedicated app + database, TLS 1.3 for all data in transit, AES-256 storage-level encryption at rest.

Authentication

Strong Authentication Controls

Mandatory 2FA

Two-factor authentication is required for all users. Supports TOTP apps like Google Authenticator and Authy.

Azure AD SSO

Enterprise single sign-on via Azure Active Directory. Centralise identity management and enforce corporate authentication policies.

Strong Password Policy

Minimum 12 characters with complexity requirements. Passwords are hashed with bcrypt and never stored in plain text.

Login Rate Limiting

Brute-force protection with progressive rate limiting on login attempts. Automatic lockout after repeated failures.

Session Management

Configurable session timeouts, concurrent session controls, and secure cookie handling with SameSite and HttpOnly flags.

Access Control

Fine-Grained Permissions

6 RBAC Roles

Role-based access control with six predefined roles: Super Admin, Admin, Compliance Manager, Risk Analyst, Auditor, and Viewer. Each role has carefully scoped permissions.

IP Whitelisting

Restrict platform access to approved IP addresses or CIDR ranges. Ensure only users on your corporate network or VPN can reach the application.

Complete Audit Trail

Every create, update, and delete action is logged with the user, timestamp, old values, and new values. Audit logs are immutable and available for export.

Data Protection

Your Data, Your Control

Data Isolation

Complete data isolation per client. No shared database tables, no multi-tenant data commingling.

Automated Backups

Daily automated backups with point-in-time recovery. Backups are encrypted and stored in a separate location.

Data Retention

Configurable data retention policies aligned with regulatory requirements. Data purged upon account termination.

GDPR-Ready

Full support for GDPR data subject rights: access, rectification, erasure, and portability.

Compliance & Certifications

Built on trusted technologies

Open-Source Foundation

ComplyShield is built on battle-tested open-source technologies with transparent security records.

  • Laravel — PHP framework with built-in CSRF, XSS, and SQL injection protection
  • PostgreSQL — Enterprise-grade database with row-level security capabilities
  • Docker — Containerised deployment for consistent and isolated environments

Security Headers

Every response includes industry-standard security headers to protect against common web vulnerabilities.

  • HSTS — Strict Transport Security enforces HTTPS connections
  • CSP — Content Security Policy prevents XSS and data injection attacks
  • X-Frame-Options — Prevents clickjacking by blocking framing
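A check that verifies a captured response against the header list above and the SameSite/HttpOnly cookie flags named under Session Management, written here as an added example and not taken from ComplyShield's own code. The one-year HSTS minimum, the cookie name and both sample responses are constructed assumptions.

```python
import re

# Assumed threshold (one year), not a value stated on the page.
MIN_HSTS_MAX_AGE = 31536000


def check_security_headers(headers, cookies=()):
    """Return a list of findings; an empty list means the policy is met.

    headers: dict of header name -> value (names matched case-insensitively)
    cookies: iterable of raw Set-Cookie values from the same response
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # HSTS must be present with a sufficiently long max-age.
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not m:
        findings.append("HSTS missing or has no max-age")
    elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age {m.group(1)} below {MIN_HSTS_MAX_AGE}")

    # CSP: parse directives and make sure script sources are restricted.
    csp = h.get("content-security-policy", "")
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    if not csp:
        findings.append("CSP missing")
    else:
        scripts = directives.get("script-src", directives.get("default-src"))
        if scripts is None:
            findings.append("CSP has neither script-src nor default-src")
        elif "'unsafe-inline'" in scripts or "*" in scripts:
            findings.append("CSP script sources allow inline or wildcard scripts")

    # X-Frame-Options must actually block framing.
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")

    # Session cookies need Secure, HttpOnly and an explicit SameSite.
    for raw in cookies:
        attrs = [a.strip().lower() for a in raw.split(";")]
        name = attrs[0].split("=", 1)[0]
        missing = [f for f in ("secure", "httponly") if f not in attrs]
        if not any(a.startswith("samesite=") for a in attrs):
            missing.append("samesite")
        if missing:
            findings.append(f"cookie {name} lacks {', '.join(missing)}")
    return findings


# Constructed sample responses: one meeting the policy, one falling short.
GOOD = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
        "X-Frame-Options": "DENY"}
GOOD_COOKIES = ["app_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]
WEAK = {"Strict-Transport-Security": "max-age=300",
        "Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'"}
WEAK_COOKIES = ["app_session=abc123; Path=/"]
```

Run `check_security_headers(WEAK, WEAK_COOKIES)` to see one finding per weakened control; the same function works on headers pulled from a live response.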

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report any security issues directly to our security team.

security@up2date.ro