Core controls
Frontelio is built to be a defensible system of record for frontline operations. The controls below describe how your data is protected in practice.
Encryption in transit & at rest
All traffic between the apps and our servers is encrypted over HTTPS/TLS, with certificates managed and auto-renewed at the edge. Data is encrypted at rest on disk — both the database and the object store that holds photos and evidence.
Tenant isolation
Frontelio is multi-tenant by design. Every record is bound to a tenant (company), and every request is scoped to the caller's tenant before any data is returned. A multi-company group owner sees only their own companies — one customer's data is never reachable from another customer's session.
Access control (RBAC)
Permissions run on a role-based access-control matrix across nine roles, from worker to group owner, with group-level overlays so multi-company owners get exactly the right reach and nothing more. Endpoints enforce roles server-side, not just in the UI.
Password hashing
Account passwords are hashed with bcrypt (a deliberately slow, salted algorithm) and are never stored or logged in plaintext. We can never see your password; a reset issues a new credential rather than revealing the old one.
Audit logging
Meaningful actions — approvals, role changes, schedule edits, attendance and leave decisions — are timestamped and written to an append-only audit log, so there is a defensible record of who did what and when.
Backups & recovery
The production database is backed up automatically every day, and we maintain a tested restore procedure so recovery is predictable rather than improvised. Evidence retention is configurable, with automatic purge once your window passes.
Infrastructure
Frontelio runs on managed cloud infrastructure (DigitalOcean) with EU data residency by default (Frankfurt region), behind a hardened reverse proxy that terminates TLS and enforces HTTPS. Secrets are injected at runtime, never committed to source.
Monitoring
Production is continuously monitored: application errors are captured in Sentry so regressions surface fast, and service health checks let on-call respond before issues spread. A public status page is on our roadmap.
Operational practices
Beyond the platform controls, these are the day-to-day practices we hold ourselves to.
- Least privilege: Staff and integrations get the minimum access their role requires. Administrative access to production is restricted and logged.
- Secrets management: API keys, database credentials, and service-account files are supplied to the running services as environment secrets and mounted read-only — they are never stored in the code repository.
- Secure development: Changes pass automated type-checking and tests before they ship. Dependencies are kept current and reviewed for known vulnerabilities.
- Data minimisation: We collect only what running your operation requires. Attendance selfies and location are captured strictly for verification, retained for your configured window, then purged.
- AI data handling: AI photo verification runs only on the evidence your team captures, only to verify the task at hand, and results are advisory — always reviewable by a human. Your images are not used to train external models.
- Vulnerability reporting: Found something? Email support@frontelio.com with the details. We target acknowledgement within one business day and will keep you updated through remediation.
What we do not claim (yet)
We will only ever state what we can back up. Today, Frontelio aligns with UAE PDPL and GDPR data-protection principles, and SOC 2 / ISO 27001 readiness work is in progress. We are not currently SOC 2 or ISO 27001 certified, and we make no HIPAA or PCI-DSS certification claim. When a certificate is achieved we will publish it in the Trust Center.