TLS: 1.2+
At-rest encryption: AES-256
MFA: TOTP + SSO
Controls enabled: 31/41 (31 enabled · 5 enterprise tier · 5 on roadmap)
Security control matrix
Every control below is implemented in the live platform unless flagged as enterprise tier or roadmap.
Identity
- Email/password with breach-password check (Enabled): Have I Been Pwned k-anonymity check at sign-up and password change.
- Google SSO (Enabled): OAuth 2.0 / OIDC.
- Magic-link sign-in (Enabled): Short-lived, single-use links.
- TOTP multi-factor authentication (Enabled): RFC 6238 with printable backup codes.
- SAML 2.0 / OIDC single sign-on (Enterprise tier): Microsoft Entra ID, Google Workspace, Okta, OneLogin, Ping Identity.
- SCIM 2.0 provisioning (Roadmap): JIT provisioning available today.
- Step-up authentication (Enabled): Required for exports, role changes and AI agent approvals.
Encryption
- TLS 1.2+ in transit (Enabled): Modern cipher suites, HSTS preload, certificate transparency.
- AES-256-GCM at rest (Enabled): Database, object storage, backups.
- Envelope-encrypted secrets (Enabled): Managed key hierarchy with automatic data-key rotation.
- Customer-managed keys (BYOK) (Roadmap): Enterprise feature under evaluation.
Access
- Row Level Security (Enabled): Enforced on every Customer-facing table.
- Role-based access control (Enabled): Dedicated user_roles table; security-definer functions.
- Workspace isolation (Enabled): Per-workspace scopes for storage, AI, audit, IoT and integrations.
- Custom enterprise roles (Enterprise tier): Bespoke role definitions per workspace.
- Just-in-time engineering access (Enabled): Hardware-backed FIDO2 keys, time-bound approvals, session recording.
Network
- Edge DDoS protection (Enabled): Global CDN with attack mitigation and WAF.
- Rate limiting & abuse controls (Enabled): Per-IP, per-token and per-route limits.
- IP allow-listing (Enterprise tier): Restrict workspace access to specified ranges.
- Private link / VPC peering (Roadmap): Enterprise deployment option under evaluation.
Operations
- Immutable audit log (Enabled): Append-only, exportable, surfaced to administrators.
- 24/7 monitoring & alerting (Enabled): Structured logs, traces, anomaly detection, on-call runbooks.
- Documented incident response (Enabled): Triage, containment, eradication, recovery, notification.
- Continuous vulnerability scanning (Enabled): Dependency, container, IaC, secret and static analysis.
- Annual third-party penetration test (Enabled): Summary available under NDA.
- Change-management with code review (Enabled): Branch protection, required review, signed releases.
AI
- AI permission inheritance (Enabled): AI inherits the User's RLS scope.
- No training on Customer data (Enabled): Contractual ban with every model provider.
- AI tool-call audit logging (Enabled): User, tools, entities, model, timestamp.
- Prompt-injection mitigations (Enabled): Tool sandbox, output sanitisation, instruction filters.
- Per-tenant AI kill switch (Enterprise tier): Disable AI features per workspace or per role.
- Model pinning & rotation notice (Enterprise tier): 30-day notice of material model changes.
Data
- Customer data ownership (Enabled): Customers retain all rights to submitted content.
- Self-service export (Enabled): JSON / CSV / IFC / glTF / PDF export of workspace data.
- Right to erasure workflow (Enabled): Per the Privacy Policy and DPA.
- UK / EU data residency by default (Enabled): Database, storage and backups in UK / EU.
- US / APAC regional deployments (Roadmap): Available for enterprise on request.
Resilience
- Point-in-time backups (Enabled): Continuous, geographically separated within the residency region.
- Annual disaster-recovery testing (Enabled): Documented RPO ≤ 15 min / RTO ≤ 4 h targets.
- 99.9% availability target (Enabled): Enterprise SLAs available on request.
- Multi-region active-active (Roadmap): Cross-region failover under evaluation.
Reference
Authentication & identity
Email-and-password with breach-password screening (Have I Been Pwned k-anonymity), magic-link sign-in, Google SSO and TOTP MFA are available to every tenant. SAML 2.0 SSO and OIDC are available on enterprise tiers with Microsoft Entra ID, Google Workspace, Okta, OneLogin, Ping Identity and any standards-compliant identity provider. JIT provisioning is supported today; SCIM 2.0 lifecycle management is on the roadmap.
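To make the k-anonymity screening above concrete, here is an added example (not TrackProject's implementation): the client hashes the candidate password with SHA-1, sends only the first five hex characters of the digest to the Pwned Passwords range endpoint, and matches the returned 35-character suffixes locally, so the full hash never leaves the client. The range response is a constructed sample standing in for the live API (the counts are made up; only the prefix for the well-known weak test password is real), and `fetch_range` is an offline stand-in for the HTTP call.

```python
import hashlib

# Constructed sample of a Pwned Passwords range response (NOT real API data).
# The live API returns "SUFFIX:COUNT" lines for every SHA-1 hash whose first
# five hex characters match the requested prefix.
SAMPLE_RANGE_RESPONSE = {
    # "5BAA6" is the real prefix of SHA-1("password"); the counts are invented.
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "5B8A3F42F36C1BAF1A2B8C4B6A2D3F8B9C0:1",
    ]),
}


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the API and the 35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> breach-count map."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/{prefix}.
    Only the 5-char prefix is ever transmitted; that is the k-anonymity property."""
    return SAMPLE_RANGE_RESPONSE.get(prefix, "")


def breach_count(password: str) -> int:
    """How many times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def password_is_acceptable(password: str) -> bool:
    """Policy used at sign-up and password change: reject any breached password."""
    return breach_count(password) == 0
```

Because the lookup is by prefix only, the service learns nothing beyond a 20-bit slice of the hash; the decisive comparison happens client-side against the returned suffix list.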
Multi-factor authentication
TOTP-based MFA (RFC 6238), printable backup codes and IdP-enforced MFA via SSO. Workspace administrators can require MFA for all members and step-up MFA for sensitive actions including data export, role changes, integration consent and AI agent approvals.
Single sign-on (SSO)
SAML 2.0 and OIDC with just-in-time provisioning, attribute-based role mapping, group-based workspace assignment and signed-assertion enforcement. Tested against Microsoft Entra ID, Google Workspace, Okta, OneLogin and Ping Identity. SCIM 2.0 is on the roadmap.
Role-based access control
Granular roles (owner, admin, project manager, engineer, viewer, client portal, auditor) gate features, data and actions. Roles are stored in a dedicated user_roles table and evaluated by security-definer functions to prevent privilege escalation. Custom enterprise roles are available.
Row Level Security
Every Customer record is protected by PostgreSQL Row Level Security policies enforced at the database boundary. GRANTs are explicit per table and per role. Security-definer helpers prevent recursive policy bypass. The application layer cannot escape RLS.
Tenant isolation
Workspaces are isolated by workspace_id at every layer: database rows, object-storage prefixes, audit streams, AI permission scopes, IoT partitions and integration tokens. No shared cache, no shared embedding index, no cross-tenant joins. Background jobs run with the originating workspace's RLS context.
Secrets management
Application secrets, API tokens and integration credentials are stored in an envelope-encrypted secret manager, never in source control, and are scoped to a single workspace where applicable. Access requires a service identity bound to a specific role. Secrets are rotated on a defined cadence and after personnel changes.
Key rotation
Encryption keys are managed through a key hierarchy with a long-lived root and short-lived data keys. Data keys are rotated automatically; the root key is rotated on a defined cadence and after personnel changes that affect the operational key holders. Old keys are retained only as long as required to decrypt archived data, then destroyed.
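The secrets-management and key-rotation passages above describe a root key wrapping short-lived data keys, automatic data-key rotation, and old roots kept only while archived data still depends on them. The added example below (not TrackProject's implementation) models exactly that bookkeeping: a `KeyHierarchy` with versioned roots, data keys wrapped under the current root, re-wrapping on root rotation, and a destroy step that refuses to remove any root still referenced by a live or archived wrapped key. The wrap primitive is an HMAC-SHA256 stand-in chosen so the example runs on the standard library alone; the page's AES-256-GCM would take its place in a real system. All class and function names are this example's own.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _keystream(root: bytes, nonce: bytes) -> bytes:
    # STAND-IN for AES-256-GCM key wrapping (assumption for this example so it
    # needs no third-party library): HMAC-SHA256(root, nonce) used as a 32-byte pad.
    return hmac.new(root, nonce, hashlib.sha256).digest()


def wrap(root: bytes, dek: bytes) -> tuple:
    """Wrap a 32-byte data key under a root key; returns (nonce, blob, tag)."""
    nonce = secrets.token_bytes(16)
    blob = bytes(a ^ b for a, b in zip(dek, _keystream(root, nonce)))
    tag = hmac.new(root, nonce + blob, hashlib.sha256).digest()  # integrity
    return nonce, blob, tag


def unwrap(root: bytes, nonce: bytes, blob: bytes, tag: bytes) -> bytes:
    expected = hmac.new(root, nonce + blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(blob, _keystream(root, nonce)))


@dataclass
class WrappedKey:
    dek_id: str
    root_version: int   # which root can unwrap this blob
    nonce: bytes
    blob: bytes
    tag: bytes


@dataclass
class KeyHierarchy:
    roots: dict = field(default_factory=dict)     # version -> root key bytes
    current: int = 0
    live: dict = field(default_factory=dict)      # dek_id -> WrappedKey in use
    archived: list = field(default_factory=list)  # WrappedKey copies held by backups

    def __post_init__(self):
        self.rotate_root()  # version 1

    def rotate_root(self) -> int:
        """Create a new root and re-wrap every live data key under it. Archived
        copies keep their old root version, which is why old roots linger."""
        self.current += 1
        self.roots[self.current] = secrets.token_bytes(32)
        for wk in list(self.live.values()):
            self.live[wk.dek_id] = self._wrap_under_current(wk.dek_id, self.unwrap_key(wk))
        return self.current

    def _wrap_under_current(self, dek_id: str, dek: bytes) -> WrappedKey:
        nonce, blob, tag = wrap(self.roots[self.current], dek)
        return WrappedKey(dek_id, self.current, nonce, blob, tag)

    def new_data_key(self, dek_id: str) -> bytes:
        dek = secrets.token_bytes(32)
        self.live[dek_id] = self._wrap_under_current(dek_id, dek)
        return dek

    def unwrap_key(self, wk: WrappedKey) -> bytes:
        if wk.root_version not in self.roots:
            raise KeyError(f"root v{wk.root_version} has been destroyed")
        return unwrap(self.roots[wk.root_version], wk.nonce, wk.blob, wk.tag)

    def archive(self, dek_id: str) -> None:
        """Record that a backup now carries this wrapped key as-is."""
        self.archived.append(self.live[dek_id])

    def destroy_unreferenced_roots(self) -> list:
        """Destroy roots no live or archived key depends on; returns the versions removed."""
        referenced = {wk.root_version for wk in self.live.values()}
        referenced |= {wk.root_version for wk in self.archived}
        referenced.add(self.current)
        gone = sorted(v for v in self.roots if v not in referenced)
        for v in gone:
            del self.roots[v]
        return gone


def integrity_check_rejects_tamper(kh: KeyHierarchy, dek_id: str) -> bool:
    """A flipped bit in the wrapped blob must be rejected, not silently unwrapped."""
    wk = kh.live[dek_id]
    damaged = WrappedKey(wk.dek_id, wk.root_version, wk.nonce,
                         bytes(b ^ 1 for b in wk.blob), wk.tag)
    try:
        kh.unwrap_key(damaged)
    except ValueError:
        return True
    return False
```

The point the example makes is ordering: rotate first, re-wrap everything live, and only then retire a root, and never retire it while a backup still carries a key wrapped under it.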
Encryption
All traffic to TrackProject is served over TLS 1.2+ with modern cipher suites, HSTS preload, and certificate transparency. Data at rest — database, object storage, backups and ephemeral caches — is encrypted with AES-256-GCM. Backups are encrypted before leaving the production environment.
Session management
Short-lived access tokens with automatic refresh, sliding inactivity timeouts, sign-out-everywhere, IP and device fingerprinting and anomaly-driven step-up authentication. Sessions are invalidated on password change, MFA reset and role downgrade.
Logging
Structured application logs are shipped to a centralised log aggregator with personal data scrubbed at source. Logs are retained for 90 days hot and up to 1 year cold for forensic purposes. Access to logs requires named, time-bound just-in-time approval.
Audit trails
Authentication, role changes, exports, sign-offs, AI tool calls, platform-admin actions and configuration changes are recorded in an immutable, append-only audit log surfaced to workspace administrators and exportable in JSON or CSV.
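The page states that the audit log is immutable and append-only but does not say how that property is enforced. The added example below (not TrackProject's code) shows one standard way to make such a log tamper-evident: each entry commits to the SHA-256 of its predecessor, so any edit, deletion or reordering of an earlier entry breaks every later link and is reported by `verify`. JSON and CSV export follow the formats the page lists. The hash chain, the field names and the sample events are this example's assumptions; the events are constructed to mirror the event classes named above (including the user / tools / entities / model / timestamp fields of an AI tool call).

```python
import csv
import hashlib
import io
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # prev_hash of the very first entry


def _canonical(obj) -> bytes:
    """Deterministic JSON so the same entry always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> dict:
        """Append-only: the new entry records the previous entry's hash."""
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "prev_hash": prev_hash, "event": event}
        entry["hash"] = hashlib.sha256(_canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self) -> tuple:
        """Return (ok, first_bad_seq); first_bad_seq is -1 when the chain is intact."""
        prev_hash = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["seq"] != i or entry["prev_hash"] != prev_hash:
                return False, i          # deleted or reordered entry
            if hashlib.sha256(_canonical(body)).hexdigest() != entry["hash"]:
                return False, i          # edited entry
            prev_hash = entry["hash"]
        return True, -1

    def export_json(self) -> str:
        return json.dumps(self.entries, indent=2, sort_keys=True)

    def export_csv(self) -> str:
        out = io.StringIO()
        writer = csv.writer(out)
        writer.writerow(["seq", "timestamp", "actor", "action", "detail", "hash"])
        for e in self.entries:
            ev = e["event"]
            writer.writerow([e["seq"], ev["timestamp"], ev["actor"], ev["action"],
                             json.dumps(ev.get("detail", {}), sort_keys=True), e["hash"]])
        return out.getvalue()


# Constructed sample events (not real platform data), one per event class.
SAMPLE_EVENTS = [
    {"timestamp": "2024-01-01T09:00:00Z", "actor": "alice@example.com",
     "action": "auth.login", "detail": {"mfa": "totp"}},
    {"timestamp": "2024-01-01T09:05:00Z", "actor": "alice@example.com",
     "action": "role.change", "detail": {"target": "bob@example.com", "from": "viewer", "to": "engineer"}},
    {"timestamp": "2024-01-01T09:10:00Z", "actor": "bob@example.com",
     "action": "export.create", "detail": {"format": "csv"}},
    {"timestamp": "2024-01-01T09:12:00Z", "actor": "bob@example.com",
     "action": "ai.tool_call", "detail": {"tools": ["search_documents"],
                                          "entities": ["project:42"], "model": "<model-id placeholder>"}},
]


def build_sample_log() -> AuditLog:
    log = AuditLog()
    for event in SAMPLE_EVENTS:
        log.append(event)
    return log
```

Hash chaining makes tampering detectable, not impossible; the usual complement is to anchor the latest hash somewhere the log writer cannot alter (a separate store or a periodic signed checkpoint) so that a rewrite of the whole chain is also caught.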
Backups
Continuous point-in-time backups with daily snapshots, geographically separated within the residency region. Backups are encrypted, integrity-checked and tested through periodic restore exercises.
Disaster recovery
Disaster recovery is tested at least annually with documented Recovery Point Objective (RPO ≤ 15 minutes) and Recovery Time Objective (RTO ≤ 4 hours) targets for the production environment. Enterprise customers may agree stricter targets under SLA.
Monitoring
24/7 platform monitoring with structured log aggregation, distributed tracing, performance metrics, anomaly detection and security alerting. Alerts page on-call engineers with documented runbooks for the most common failure modes.
Vulnerability management
Continuous dependency scanning, static application security testing, container image scanning, infrastructure-as-code scanning, secret scanning and at least one annual third-party penetration test. Critical vulnerabilities are remediated within 7 days, high within 30 days and medium within 90 days.
Incident response
A documented incident-response runbook covers triage, containment, eradication, recovery, customer notification and post-incident review. Material incidents are notified to affected Customers without undue delay and in any case within 72 hours of confirmation.
AI security
Prompts and retrieved context are encrypted in transit and at rest. Tool outputs are sanitised against prompt injection. The tool surface is constrained to permitted operations within the User's RLS scope. AI cannot execute arbitrary SQL, escape its sandbox, read raw secrets or call unregistered endpoints.
Infrastructure security
TrackProject runs on hardened cloud infrastructure in the UK and EU with global edge delivery. Production access is gated by SSO, hardware-backed FIDO2 keys, just-in-time approvals and session recording. Infrastructure changes flow through code review, automated tests and staged rollout.
Supply-chain security
Dependencies are pinned and reviewed before update. CI/CD pipelines are hardened with branch protection, required code review, mandatory secret scanning and signed releases. Subprocessors are vetted before onboarding and reviewed at least annually.
Personnel security
Employees and contractors receive security training on joining and annually thereafter, are subject to background checks where lawful, sign confidentiality agreements and have their access revoked promptly on leaving.
Responsible disclosure
Security researchers can report vulnerabilities via the Responsible Disclosure programme at security@track-project.com. We acknowledge within two business days, triage within five business days and follow a coordinated disclosure process with safe-harbour protection for good-faith research.