Security & data isolation
Your data is yours alone - and we can prove it.
MEP handles the numbers that run your business. Keeping each operator's data completely separate is not a feature we added - it is how the system is built from the database up. Here is exactly how.
Row-level security on every table
MEP is multi-tenant on a single hardened database, and every application table enforces PostgreSQL row-level security. Access is decided by the database itself - not by hopeful application code - so one operator's queries physically cannot return another operator's rows.
Isolation proven on every change
We don't just assert isolation, we test it. An automated suite creates two separate organizations and probes every table in both directions - read, update, delete, and insert - confirming neither can reach the other. It runs in our pipeline on every code change, and the build fails if any new table ships without isolation coverage.
Least-privilege staff roles
Owners and managers see the full picture; viewers are read-only; line staff see only their prep checklists and station counts - never your sales, labor, or financials. A line cook is walled off from the C-suite data at the database schema level, not just hidden in the interface.
Verified elevation for privileged actions
The few operations that must run with elevated database access first prove the caller's access through their own permissions, then act only on the verified account and venue - never on raw input. Every such path is inventoried and reviewed.
Full audit trail
Every change is written to an append-only audit log with the actor, the account, and what changed. Sensitive headers, cookies, and raw request bodies are never logged. Signed HR documents live in a private store served only through short-lived links after a manager check.
Transport and browser hardening
Traffic is HTTPS-only with strict transport security. The application refuses to be embedded in other sites (anti-clickjacking), blocks content-type sniffing, and constrains what the browser is permitted to load.
Working toward SOC 2
MEP is built to SOC 2 practices - route-level audit logging, least privilege, encrypted transport, and tested backups. A formal third-party penetration test and audit are on the roadmap as we scale. If your team needs specifics for a security review, we are glad to walk through them.
Sign in