Data Security
Last updated:
Dasibell takes the security of your lease operations data seriously. This page describes the technical and organisational measures in place to protect the information stored in LeaseFlow OS.
- TLS Encryption
- Hashed Passwords
- JWT Authentication
- Encrypted at Rest
- Audit Logging
- Role-Based Access
Data Encryption
- In transit: All communication between your browser and LeaseFlow OS is encrypted using TLS 1.2 or higher. Plain HTTP is not accepted.
- At rest: Database storage is encrypted at the infrastructure level. Passwords are hashed using bcrypt with a minimum cost factor of 10; plaintext passwords are never stored.
Authentication and Access Control
- Session tokens are JSON Web Tokens (JWT) with a configurable expiry and are signed with a server-side secret not exposed in client code.
- Role-based access control ensures team members can only access functions appropriate to their assigned role (CEO, Secretary, Accountant).
- Invitation-only registration: new users can only join your organisation via a time-limited, single-use invite link sent to their email address.
- All administrative actions (user changes, contract edits, financial entries) are recorded in a tamper-evident audit log with timestamps and user attribution.
Infrastructure Security
- LeaseFlow OS is deployed on a managed cloud platform with automatic security patching and DDoS protection.
- Database access is restricted to application-layer connections only; no direct public database access is permitted.
- Environment secrets (SMTP credentials, API keys, JWT secrets) are managed via a secrets management system and never committed to source code.
Operational Security
- File and document storage uses object-level access controls with private-by-default permissions.
- Automated backups are performed at regular intervals with point-in-time recovery capability.
- Security-relevant events are logged and monitored for anomalous activity.
Responsible Disclosure
If you discover a security vulnerability in LeaseFlow OS, please report it responsibly to support@dasibell.com. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate it. We are committed to responding to verified security reports promptly.
Contact
Security concerns or questions: support@dasibell.com