Platform Security

Decision Pipelines™ is built with security at every layer. Detailed documentation is available in the document library.

Infrastructure

Hosted on DigitalOcean (NYC region, US). DigitalOcean maintains SOC 2 Type II and ISO 27001 certifications. All client data resides in the United States.

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). HSTS is enforced. Sensitive fields are additionally encrypted at the application layer.

Authentication

All access to Decision Pipelines™ applications requires an authenticated portal session. The portal issues RS256-signed JSON Web Tokens (JWTs) on login. Each pipe application independently verifies token signatures using a public key — only the portal holds the private key and can issue tokens. Tokens carry tenant identity and are short-lived, with revocation enforced via an in-memory store. Direct access to any pipe application without a valid portal session is blocked at the application layer.

Tenant Isolation

Shared-database, row-level tenant isolation with mandatory ORM-level query scoping. JWT claims enforce tenant boundaries at the application layer — a token issued for one credit union cannot be used to access another tenant’s data. Validated by automated tests on every deployment.
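
The checks described under Authentication and Tenant Isolation can be illustrated with the following added example, which is not Decision Pipelines™ code. It shows a pipe application verifying an RS256 token with only the public key, then enforcing expiry, revocation and the tenant boundary. The claim names (`tenant`, `jti`, `exp`), the function names and the inline key pair are assumptions made for the illustration.

```javascript
// Added example; claim names (tenant, jti) and helper names are assumptions.
const crypto = require('node:crypto');

const b64u = (text) => Buffer.from(text).toString('base64url');

// Constructed key pair. In the design described, only the portal holds privateKey.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Portal side: sign header.payload with RSASSA-PKCS1-v1_5 + SHA-256 (RS256).
function issueToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// In-memory revocation store, keyed by token id (jti).
const revoked = new Set();

// Pipe application side: returns the claims or throws with the reason.
function verifyPortalToken(token, requestedTenant, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; the token header must never choose the verification method.
  if (header.alg !== 'RS256') throw new Error('bad alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Claims are read only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (revoked.has(claims.jti)) throw new Error('revoked');
  // Tenant boundary: the token's tenant must match the tenant being accessed.
  if (claims.tenant !== requestedTenant) throw new Error('tenant mismatch');
  return claims;
}

// Convenience wrapper: 'ok' or the rejection reason.
function check(token, requestedTenant) {
  try { verifyPortalToken(token, requestedTenant); return 'ok'; } catch (e) { return e.message; }
}
```
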

Application Security

Peer-reviewed code, CI/CD security scanning, OWASP Top 10 protections, immutable deployments.

Access Control

Least privilege with MFA on all production access. Quarterly access reviews. No routine personnel access to client data.
