Security overview
A practical overview of how Auditly approaches access control, application security, hosting, and customer responsibilities.
Auditly is designed for operational teams handling inspections, images, and corrective actions across multiple organisations. Our approach focuses on practical application security, authenticated access, tenant-aware data handling, and conservative operational controls.
This page is a high-level overview rather than a formal certification statement. We will update it as our controls mature.
Authentication and access control
Auditly supports controlled user access through authenticated sign-in and organisation membership. Current product patterns include organisation scoping, role-based access, server-side validation, and protected routes for admin-only actions.
Customers are responsible for managing their own users, roles, and invitation workflows appropriately within their workspace.
Hosting and data storage
Auditly is built on modern web infrastructure using Next.js, Prisma, and PostgreSQL-backed storage. We use managed cloud services to host the application, persist product data, and support operational reliability.
Customer records may include inspection responses, corrective actions, comments, and uploaded images. We aim to keep production access limited to the people and systems needed to operate and support the platform.
Data transmission and service protections
We expect Auditly traffic to be served over HTTPS and we use authenticated application flows for access to protected data. Core product behaviour is implemented with server-side checks rather than relying only on client-side controls.
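The organisation scoping, role checks and server-side enforcement described above can be illustrated with a small TypeScript example. This is an added illustration, not Auditly's code: the data model, role names (ADMIN, MEMBER), the in-memory "tables" and the helper names are assumptions made for the example, and the Prisma query shape mentioned in a comment is likewise an assumed schema. The point it demonstrates is that the organisation comes from the authenticated session and membership lookup, never from the client, and that every query carries the organisation filter so a record id from another tenant resolves to "not found" rather than to data.

```typescript
// Added example of organisation-scoped, role-based authorisation enforced on
// the server. Not Auditly's code; model, roles and sample data are assumptions.

type Role = "ADMIN" | "MEMBER";

interface Session { userId: string }               // produced by authenticated sign-in
interface Membership { userId: string; organisationId: string; role: Role }
interface Inspection { id: string; organisationId: string; title: string }

// Constructed sample data standing in for database tables.
const memberships: Membership[] = [
  { userId: "u1", organisationId: "org-a", role: "ADMIN" },
  { userId: "u2", organisationId: "org-a", role: "MEMBER" },
  { userId: "u3", organisationId: "org-b", role: "ADMIN" },
];
const inspections: Inspection[] = [
  { id: "i1", organisationId: "org-a", title: "Kitchen hygiene" },
  { id: "i2", organisationId: "org-b", title: "Warehouse racking" },
];

class Forbidden extends Error {}

// Resolve the caller's membership from the server-side session and the
// membership table. The client never gets to assert which organisation it
// belongs to or which role it holds.
function requireMembership(session: Session, organisationId: string): Membership {
  const m = memberships.find(
    (x) => x.userId === session.userId && x.organisationId === organisationId,
  );
  if (!m) throw new Forbidden("not a member of this organisation");
  return m;
}

// Role check performed after membership is established.
function requireRole(m: Membership, ...allowed: Role[]): void {
  if (!allowed.includes(m.role)) {
    throw new Forbidden(`role ${m.role} may not perform this action`);
  }
}

// Tenant-scoped read: organisationId is always part of the filter, so a valid
// id belonging to another organisation yields null, not another tenant's data.
// Assumed Prisma equivalent: prisma.inspection.findFirst({ where: { id, organisationId } })
function getInspection(
  session: Session,
  organisationId: string,
  inspectionId: string,
): Inspection | null {
  requireMembership(session, organisationId);
  return (
    inspections.find((i) => i.id === inspectionId && i.organisationId === organisationId) ?? null
  );
}

// Admin-only action: the route handler checks the role on the server before
// acting, regardless of whether the client hid or showed the button.
function deleteInspection(
  session: Session,
  organisationId: string,
  inspectionId: string,
): boolean {
  const m = requireMembership(session, organisationId);
  requireRole(m, "ADMIN");
  const idx = inspections.findIndex(
    (i) => i.id === inspectionId && i.organisationId === organisationId,
  );
  if (idx === -1) return false;
  inspections.splice(idx, 1);
  return true;
}
```

Because the organisation filter is applied inside the data access function rather than left to each caller, a handler cannot forget it; and because `Forbidden` is thrown for a non-member before any query runs, the response for "wrong tenant" and "wrong role" never leaks whether the record exists.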
We also use established service providers for authentication, payments, and transactional email where those capabilities are enabled for a customer account.
Backups, recovery, and shared responsibility
We use managed platform services that support routine backup and recovery practices, but customers should still treat Auditly as part of their broader operational risk program rather than a replacement for internal recordkeeping obligations.
Security is a shared responsibility. We secure the application and supporting infrastructure we control, while customers are responsible for user administration, device hygiene, the accuracy of uploaded records, and safe internal operating processes.
Reporting concerns
If you believe you have found a security issue in Auditly, contact us before attempting any disruptive testing. Include enough detail for us to reproduce and investigate the issue responsibly.
Report a security concern
To report a vulnerability or security concern, contact our team and include the issue details, affected route, and steps to reproduce.
