Security & Compliance

Built for businesses that take governance seriously.

Enterprise-grade security architecture, full Malaysian statutory compliance, and ASEAN data sovereignty — by design, not by patch.

LHDN e-Invoice | SOC2 Planned | 99.9% SLA (Enterprise) | ASEAN Hosted

Architecture

Security at every layer.

Multi-tenant isolation, strong authentication, immutable audit trails, and encryption — enforced at the application and database level.

Row-level tenant isolation

Every database query is scoped to your tenant_id. No query path can access another organization’s data — enforced at the application layer with defense-in-depth database policies.

Authentication & SSO

JWT access tokens with 15-minute expiry and refresh token rotation. TOTP-based two-factor authentication (RFC 6238) with backup codes. Enterprise SSO via SAML2 or OIDC.

Full audit trail

Every create, update, and delete action is logged with user identity, timestamp, IP address, and affected record. Audit logs are immutable and available for export.

Encryption & access control

AES-256 encryption at rest. TLS 1.3 for all data in transit. Role-based access control (RBAC) enforced across all core modules with granular permission sets.

Compliance Matrix

Full Malaysian statutory coverage.

Auto-generates every statutory form from data already in your system. No spreadsheet exports. No consultants. No deadline panic.

Statutory Compliance

  • LHDN e-Invoice: MyInvois UBL 2.1 auto-submission
  • EPF Borang A: Monthly & annual filing
  • SOCSO Form 8A: Employer & employee contributions
  • EIS Form 3: Employment Insurance System
  • CP39 PCB: Monthly tax deduction
  • SST-02: 6% service / 8% sales tax

Security Controls

  • Row-level tenant isolation: Every query scoped to your organization
  • 2FA with TOTP: Time-based one-time passwords + backup codes
  • SSO (SAML2 / OIDC): Enterprise single sign-on integration
  • Full audit logging: Every action recorded with user, timestamp, and IP
  • RBAC permissions: Role-based access control across all modules
  • Data encryption: AES-256 at rest, TLS 1.3 in transit

Data Sovereignty

Your data stays in Southeast Asia.

Application and database infrastructure is hosted in Southeast Asia. Multi-tenant isolation is enforced at the database level. Your data never leaves the ASEAN region unless you explicitly export it.

ASEAN-region hosting | Daily backups (30-day retention) | PDPA-aligned practices

Reliability

Uptime you can depend on.

  • 99.9% uptime SLA

    Enterprise plans include a 99.9% uptime service-level agreement with financial remediation.

  • Incident response

    Real-time health monitoring with automated alerting. Critical incident response within 4 hours during business hours.

  • ASEAN-region hosting

    Application and database infrastructure hosted in Southeast Asia. Automated daily backups with 30-day retention.

Certification Roadmap

Where we're headed.

We are building toward industry-standard certifications. This roadmap reflects our current plans and commitments.

  • SOC2 Type II

    On roadmap

    Formal evaluation planned as part of our enterprise compliance program.

  • ISO 27001

    Planned

    Information security management certification targeted for future implementation.

  • Penetration testing

    Planned annually

    Third-party penetration testing to be conducted on an annual cycle.

Need more detail?

We're happy to walk through our security architecture, compliance coverage, and infrastructure with your IT or procurement team.