
Security at Portal Worx

Your data is our responsibility. We build security into every layer of the platform.

Data Encryption

All data transmitted between your browser and our servers is encrypted using TLS/SSL. Passwords are securely hashed using industry-standard algorithms and are never stored in plain text.

Tenant Isolation

Each organisation's data is stored in a separate PostgreSQL database schema. This provides true database-level isolation — your data is physically separated from other organisations, not just filtered.

Authentication

Authentication uses JWTs stored in HTTP-only cookies, with CSRF protection on all state-changing requests. Magic link authentication is available for passwordless login.

Audit Trails

Comprehensive security audit logging tracks all significant events across the platform, including authentication attempts, account changes, and administrative actions with IP address and user agent recording.

Infrastructure

Hosted on Amazon Web Services (AWS) with managed PostgreSQL databases (RDS), S3 file storage with CloudFront CDN, and automated backups. AWS maintains SOC 2, ISO 27001, and other compliance certifications.

Rate Limiting

Sensitive endpoints are protected with rate limiting to prevent brute-force attacks and abuse. Account creation is limited to 3 attempts per hour per IP address.

Privacy & Compliance

GDPR Compliance

Portal Worx is built with GDPR compliance in mind. We support data subject rights including access, rectification, erasure (right to be forgotten), and data portability. Users can submit erasure requests directly through the platform.

POPIA Compliance

As a South African company, we comply with the Protection of Personal Information Act (POPIA). We process personal information lawfully, minimise data collection, and provide transparent information about how data is used.

Data Pseudonymisation

All uploaded files are stored with UUID-based filenames, separating the file content from personally identifiable information. This provides an additional layer of privacy protection.

Data Retention

Deleted items are held in a 30-day recovery window before permanent deletion. Account data is preserved during subscription lapses and trial expiry, allowing you to resume without data loss.

Security Best Practices for Users

Use strong passwords — At least 8 characters with uppercase letters and numbers. Avoid reusing passwords across different services.
Keep credentials private — Never share your login credentials with others. Each team member should have their own account.
Review user access regularly — Organisation administrators should periodically review team member roles and remove access for users who no longer need it.
Use document privacy controls — Take advantage of category-level privacy settings to restrict access to sensitive project documents.
Report suspicious activity — If you notice any unusual activity on your account, contact us immediately at security@portal-worx.com.

Report a Security Concern

If you discover a security vulnerability or have a concern about the security of the platform, please contact our security team. We take all reports seriously.

security@portal-worx.com

For more information about how we handle your data, see our Privacy Policy and Cookie Policy.