Security & Data Protection

Your Data Belongs to Your Department.

Member records, certification data, exposure incidents, and personnel files are sensitive. Here's exactly how Axe & Node protects them — at the architecture level, not just the policy level.

🏗️

Tenant Isolation

Every department is a separate tenant. Your data is isolated from every other department by architecture — not configuration. There is no path in the application to query across tenant boundaries.

👁️

Role Permissions

Four-tier access control: Admin, Chief, Officer, Member. Configure Read vs. Read/Write vs. None per module, per role. Changes take effect immediately across all users.

📋

Audit Log

Every record creation, edit, and deletion is logged with user ID, timestamp, and old/new values. Tamper-evident. Searchable. Exportable. Survives officer turnover.

🔒

IP Security

Whitelist approved IP ranges. Block specific addresses. Rate limiting prevents brute-force login attempts. Configurable per department without contacting support.

Tenant Isolation — How It Works

Architecture-Level Separation

Every database query in Axe & Node is automatically scoped to the authenticated tenant. There is no query in the application that retrieves data across departments. The isolation is structural — not configurable, not bypassable through the UI.

A full database export contains only your department's records. Another department's administrator cannot see your members, your drills, your LOSAP ledger, or your audit log — not because we hide it, but because their queries return zero rows from your data.

Member records isolated per tenant
Settings isolated per tenant
Audit logs isolated per tenant
Exports scoped to your tenant only
No cross-department visibility by architecture

Every query — without exception

-- ✗ This query is impossible in Axe & Node:
SELECT * FROM members;

-- ✓ Every query enforces tenant scope:
SELECT * FROM members
WHERE tenant_id = 7;
-- Injected from session · cannot be overridden

→ Another dept executing any query returns 0 rows from your data

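
A minimal sketch of the session-injected tenant scoping described above, added here as an example; it is not Axe & Node's code. The TenantScopedDB wrapper, the TABLES allowlist, the session dict and the sample rows are hypothetical, and SQLite stands in for the real database.

```python
import sqlite3

# Hypothetical allowlist: table name -> columns a caller may write or filter on.
TABLES = {"members": ("name", "rank")}


class TenantScopedDB:
    """Data-access wrapper whose tenant_id is fixed from the session, never from a request."""

    def __init__(self, conn, session):
        self._conn = conn  # raw connection is kept private to the wrapper
        self._tenant_id = int(session["tenant_id"])  # set at login

    def _check(self, table, supplied):
        cols = TABLES[table]  # KeyError for a table outside the allowlist
        bad = set(supplied) - set(cols)
        if bad:  # includes any caller-supplied tenant_id
            raise ValueError(f"columns not allowed: {sorted(bad)}")
        return cols

    def insert(self, table, row):
        cols = self._check(table, row)
        names = ", ".join(("tenant_id",) + cols)
        marks = ", ".join("?" * (len(cols) + 1))
        values = (self._tenant_id,) + tuple(row.get(c) for c in cols)
        self._conn.execute(f"INSERT INTO {table} ({names}) VALUES ({marks})", values)

    def select(self, table, **filters):
        cols = self._check(table, filters)
        # The tenant predicate is always the first clause; filters can only narrow it.
        where = " AND ".join(["tenant_id = ?"] + [f"{c} = ?" for c in filters])
        sql = f"SELECT {', '.join(cols)} FROM {table} WHERE {where} ORDER BY rowid"
        return self._conn.execute(sql, (self._tenant_id, *filters.values())).fetchall()


def demo():
    """Build two constructed sessions (tenants 7 and 9) over one shared table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (tenant_id INTEGER NOT NULL, name TEXT, rank TEXT)")
    dept7 = TenantScopedDB(conn, {"tenant_id": 7})
    dept9 = TenantScopedDB(conn, {"tenant_id": 9})
    dept7.insert("members", {"name": "A. Rivera", "rank": "Chief"})
    dept7.insert("members", {"name": "B. Chen", "rank": "Member"})
    dept9.insert("members", {"name": "C. Okafor", "rank": "Officer"})
    return dept7, dept9
```

In this sketch the guarantee holds only while every query path goes through the wrapper; code that holds the raw connection can still run an unscoped SELECT, so reviews and tests should check for direct connection use.
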
Additional Security Features

More Than Access Control

🕐

Login History

Full login history for every user account — IP address, device, timestamp, and success/failure. Available to admins at any time.

⏱️

Session Management

Configurable session timeout. Inactive sessions expire automatically. Officers can invalidate all active sessions for a user account.

📧

SMTP Email Control

Use your own SMTP server for all automated emails. You control the sending domain. Email credentials never leave your configuration.

📁

OSHA Exposure Record Retention

Exposure incident records are stored permanently per OSHA 1910.1020 requirements — 30-year retention for exposure records. Employee medical records (physicals, physician evaluations) are not stored in Axe & Node.

🔑

Password Security

Passwords are hashed using industry-standard algorithms. Plaintext passwords are never stored. Admins cannot retrieve member passwords.

📤

Your Data, Your Export

Request a full data export at any time. Receive your department's complete records as structured data. No lock-in, no hostage data.
