Enterprise security.
Built into every layer.
StaffSync was built for organizations managing sensitive workforce data across multiple locations. Security is an architectural requirement, not a feature flag.
What runs StaffSync.
No proprietary or unvetted infrastructure. Every component is a battle-tested enterprise service.
| Service | Role |
|---|---|
| AWS S3 | All file uploads stored with server-side encryption |
| AWS KMS | Per-organization encryption keys — data never mixed cross-org |
| CloudFront CDN | Files via time-limited signed URLs — never permanently exposed |
| PostgreSQL | Primary relational database with organization-scoped isolation |
| DragonflyDB | High-performance in-memory caching for real-time operations |
| AWS SES | Transactional email for notifications and OTP verification |
| Sentry | Real-time error monitoring for web portal and API |
| New Relic APM | Application performance monitoring and observability |
| Docker | Containerized deployment for consistent environments |
Session security by default.
JWT with aggressive token expiry and HTTP-only cookie storage — access tokens never touch JavaScript.
- JWT access tokens with 60-second expiry
- 7-day refresh tokens in HTTP-only cookies — no JS access
- Bcrypt password hashing with salting
- Forced password change on first login
- OTP email verification for account access
- Rate limiting: 3/s · 200/min · 800/5min
| Access Token Expiry | 60 seconds |
| Refresh Token Expiry | 7 days |
| Cookie Type | HTTP-only · Secure |
| Password Hash | bcrypt + salt |
| Rate Limit / sec | 3 req/s |
| Rate Limit / min | 200 req/min |
Your data cannot reach another organization.
Multi-tenant isolation enforced at the data layer. Every query scoped by organizationId. Cross-org access is architecturally impossible.
Organization-Scoped Queries
Every Prisma model includes an organizationId key. All reads and writes filtered to the authenticated org.
Per-Org KMS Keys
Each organization has its own AWS KMS key. Files are encrypted with a key that belongs exclusively to you.
Separate Admin Portal
Super-admin portal is a completely separate application. Org users have no path to super-admin functionality.
16 permission subjects. Every action logged.
CASL-enforced permissions. Every admin action immutably logged with before/after snapshot.
Have specific security requirements? Let's talk.
Our team will walk through the infrastructure, data model, and access control architecture in detail.