Security

Six pillars, one promise.

Your firm's data, your consultants' PII and your vendor relationships: isolated, encrypted and audited. Here's how.

Row-Level Security

Every tenant-scoped table has a Postgres row-level security (RLS) policy, so isolation is enforced by the database rather than by application code: a bug in Python cannot leak another firm's rows, because the policy filters them before they leave Postgres. Two conditions make that guarantee hold. The application must connect as a role that does not own the tables and has no BYPASSRLS (superusers bypass policies, and owners do too unless RLS is forced on the table), and the tenant context must be set on every transaction, with the policy written so that a missing context matches no rows.
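The policy shape described above, as an added example that is not benchflo's own schema or code: the table, role and setting names (consultants, app_user, app.tenant_id) and the sample UUIDs are assumptions. Beyond the paragraph, it shows the two checks a reviewer looks for: FORCE ROW LEVEL SECURITY so the table owner is bound too, and a policy that matches nothing when the tenant setting is absent or empty.

```sql
-- Added example, not benchflo's schema. Names below are assumptions.
CREATE TABLE consultants (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    full_name  text NOT NULL
);

-- ENABLE turns policies on for everyone but the owner; FORCE binds the owner as
-- well. Superusers and roles with BYPASSRLS are never subject to policies.
ALTER TABLE consultants ENABLE ROW LEVEL SECURITY;
ALTER TABLE consultants FORCE ROW LEVEL SECURITY;

-- The tenant comes from a per-transaction setting. current_setting(..., true)
-- returns NULL if the setting was never defined, and NULLIF turns the empty
-- string Postgres reports after a SET LOCAL has expired into NULL as well.
-- NULL compares false with every tenant_id, so a request that forgot to set
-- its tenant sees zero rows instead of all rows (fail closed).
CREATE POLICY tenant_isolation ON consultants
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application role: not the table owner, no BYPASSRLS, plain table grants.
CREATE ROLE app_user LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON consultants TO app_user;
GRANT USAGE, SELECT ON SEQUENCE consultants_id_seq TO app_user;

-- Per request, connected as app_user: SET LOCAL scopes the tenant to this
-- transaction, so a pooled connection cannot carry one firm's tenant into the
-- next request. (FORCE makes the same demo hold for the owner; it will not
-- hold for a superuser.)
BEGIN;
SET LOCAL app.tenant_id = '0f8fab39-4c6e-4b5a-9a6d-2c0d3e4f5a6b';
INSERT INTO consultants (tenant_id, full_name)
    VALUES ('0f8fab39-4c6e-4b5a-9a6d-2c0d3e4f5a6b', 'A. Consultant');  -- passes WITH CHECK
SELECT id, full_name FROM consultants;  -- only this tenant's rows, whatever the WHERE clause says
COMMIT;

-- A cross-tenant write is rejected by the policy, not by application code.
BEGIN;
SET LOCAL app.tenant_id = '0f8fab39-4c6e-4b5a-9a6d-2c0d3e4f5a6b';
INSERT INTO consultants (tenant_id, full_name)
    VALUES ('6d1e0c2a-9b7f-4e3d-8a15-1f2e3d4c5b6a', 'Other Firm');
-- ERROR:  new row violates row-level security policy for table "consultants"
ROLLBACK;
```

The thing to verify in a review is which role the application actually connects as: migrations typically run as the owner, and if the web tier reuses that role with FORCE missing, every policy is silently skipped.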

PII encrypted at rest

SSN, passport number, driver's license and visa documents are Fernet-encrypted (AES-128-CBC with an HMAC-SHA256 tag, so the ciphertext is authenticated) at the column level before they are written. Postgres and object storage add AES-256 encryption at rest underneath. The two layers cover different attackers: storage encryption protects against lost disks and copied snapshots, while column encryption protects against anyone who can read the database but does not hold the Fernet key.

Short-lived tokens

Access tokens expire after 30 minutes. Refresh tokens rotate on every use, so each one is good for exactly one exchange; whichever party presents it second is refused. A stolen access token is therefore useful for at most 30 minutes, and a stolen refresh token for at most one refresh.
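Refresh-token rotation with reuse detection, as an added example written against Postgres (not benchflo's own code; the table name, columns, sample bytes and the 14-day lifetime are assumptions). It goes one step beyond the paragraph: rotation alone leaves a thief who refreshes first holding a valid chain, so the example also detects a second presentation of an already-consumed token and revokes the whole family.

```sql
-- Added example, not benchflo's schema. Names and lifetimes are assumptions.
CREATE TABLE refresh_tokens (
    id          bigserial PRIMARY KEY,
    family_id   uuid NOT NULL,          -- one family per login; rotation stays in the family
    user_id     uuid NOT NULL,
    token_hash  bytea NOT NULL UNIQUE,  -- sha256 of the opaque token; the token itself is never stored
    issued_at   timestamptz NOT NULL DEFAULT now(),
    expires_at  timestamptz NOT NULL,
    used_at     timestamptz,            -- set once, when the token is exchanged
    revoked_at  timestamptz
);

-- Rotation as one atomic statement: consume the presented token only if it is
-- unused, unrevoked and unexpired, and mint its successor in the same family.
-- $1 = presented token, $2 = freshly generated random successor (raw bytes).
-- No row returned means the exchange was refused.
PREPARE rotate_refresh(bytea, bytea) AS
WITH consumed AS (
    UPDATE refresh_tokens
       SET used_at = now()
     WHERE token_hash = sha256($1)
       AND used_at IS NULL
       AND revoked_at IS NULL
       AND expires_at > now()
    RETURNING family_id, user_id
)
INSERT INTO refresh_tokens (family_id, user_id, token_hash, expires_at)
SELECT family_id, user_id, sha256($2), now() + interval '14 days'  -- lifetime is an assumption
  FROM consumed
RETURNING id, expires_at;

-- Reuse detection: if the presented token was already used, a second copy is in
-- circulation (a replaying client, or a thief racing the real one). Revoke the
-- whole family so every descendant dies and the user has to log in again.
PREPARE revoke_family_on_reuse(bytea) AS
UPDATE refresh_tokens
   SET revoked_at = now()
 WHERE revoked_at IS NULL
   AND family_id = (SELECT family_id FROM refresh_tokens
                     WHERE token_hash = sha256($1) AND used_at IS NOT NULL)
RETURNING id;

-- Seed the first token of a login. The token bytes here are constructed samples;
-- real tokens come from a CSPRNG and are at least 32 bytes.
INSERT INTO refresh_tokens (family_id, user_id, token_hash, expires_at)
VALUES ('0f8fab39-4c6e-4b5a-9a6d-2c0d3e4f5a6b', '6d1e0c2a-9b7f-4e3d-8a15-1f2e3d4c5b6a',
        sha256('\x01010101'::bytea), now() + interval '14 days');

EXECUTE rotate_refresh('\x01010101', '\x02020202');  -- one row: accepted, 0202 issued
EXECUTE rotate_refresh('\x01010101', '\x03030303');  -- no row: 0101 already consumed
EXECUTE revoke_family_on_reuse('\x01010101');        -- revokes the family, including 0202
EXECUTE rotate_refresh('\x02020202', '\x04040404');  -- no row: family revoked
```

The application calls rotate_refresh first and, when it returns nothing, revoke_family_on_reuse. The trade-off is that a legitimate client whose response was lost mid-rotation will also trip the detector and be logged out; that is the intended outcome, since from the server's side the two cases are indistinguishable.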

Audit logging

Platform-admin access, impersonation events, PII decrypt events and every state-changing mutation are written to immutable audit logs that record the actor, source IP and timestamp of each event.
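How an append-only audit table is enforced inside Postgres, as an added example (not benchflo's schema; the table, column and role names and the sample event are assumptions). The grants stop the application role from rewriting history, and the triggers catch any other non-superuser role that tries.

```sql
-- Added example, not benchflo's schema. Names below are assumptions.
CREATE TABLE audit_log (
    id          bigserial PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    tenant_id   uuid,                     -- NULL for platform-level events
    actor_id    uuid NOT NULL,
    actor_ip    inet NOT NULL,
    action      text NOT NULL,            -- e.g. 'pii.decrypt', 'admin.impersonate'
    target      text,                     -- what was acted on
    detail      jsonb
);

-- The application role may append and read, never change.
DO $$
BEGIN
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user') THEN
        CREATE ROLE app_user LOGIN NOBYPASSRLS;
    END IF;
END $$;
REVOKE ALL ON audit_log FROM app_user;
GRANT INSERT, SELECT ON audit_log TO app_user;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO app_user;

-- Belt and braces: reject UPDATE, DELETE and TRUNCATE for any role that reaches
-- the table with broader grants. TRUNCATE triggers are statement-level only.
CREATE FUNCTION audit_log_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only (% rejected)', TG_OP;
END $$;

CREATE TRIGGER audit_log_no_rewrite
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_immutable();
CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- Recording a PII decrypt event (constructed sample values):
INSERT INTO audit_log (tenant_id, actor_id, actor_ip, action, target, detail)
VALUES ('0f8fab39-4c6e-4b5a-9a6d-2c0d3e4f5a6b',
        '6d1e0c2a-9b7f-4e3d-8a15-1f2e3d4c5b6a',
        '203.0.113.7', 'pii.decrypt', 'consultant:42', '{"field": "ssn"}');

-- Any attempt to edit the record fails at the database:
UPDATE audit_log SET actor_ip = '192.0.2.1' WHERE id = 1;
-- ERROR:  audit_log is append-only (UPDATE rejected)
```

The limit of this approach is that the table owner can drop the triggers and a superuser bypasses everything, so the question to ask of any "immutable" log kept in the same database as the data it audits is whether the rows are also shipped to write-once storage the database credentials cannot reach.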

Least-privilege roles

Five tenant roles (admin, recruiter, hr, rep, consultant) with explicit capability matrices. Platform-admin access is separate and scoped narrowly.

Data minimisation

Consultant PII is asked for only when compliance requires it. We don't collect SSN from non-W-2 workers. We don't ask for driver's license copies unless state law requires it.

Compliance posture

Where we stand today.

SOC 2 Type I
In progress. Target completion Q3 2026. Security questionnaires and architecture diagrams available on request.
GDPR / US state privacy
Data Processing Addendum available. Subject Access Requests processed within 30 days.
I-9 / E-Verify / SEVIS
Compliance workflows built into the product. Each signature carries an audit trail of IP address, user agent and timestamp.
Penetration testing
Annual third-party pentest planned after Type I. Automated static analysis (Bandit, Semgrep) runs on every commit.
Report a vulnerability

Responsible disclosure, fast acknowledgement.

Email security@benchflo.com with reproduction steps. We'll acknowledge within 24 hours and coordinate a fix.