Security and tenancy isolation, made on day one
Security at EXN is an architectural posture, not a feature list. These choices were made when the platform was designed, not bolted on after a customer asked. The right answer to “is my data isolated?”, “can I revoke access?” and “who touched this transaction?” is always: yes, here is the evidence.
Five pillars
Five architectural commitments, each made when the platform was designed rather than bolted on later.
01 · Service
Multi-tenancy
Your data is not commingled with anyone else's. Every tenant has its own data, credentials and configuration, isolated at every layer.
02 · Service
Authentication & RBAC
Two-factor by default. Roles you can audit. Sessions you can revoke.
03 · Service
Encryption & credentials
Credentials encrypted at rest. Traffic encrypted in transit. Secrets never logged.
04 · Service
Audit trail
Every transformation, every retry and every payload, captured, searchable and exportable.
05 · Service
Compliance posture
We meet our obligations and we help you meet yours: GDPR, myDATA / ΑΑΔΕ, and a clear contractual posture.
Multi-tenancy
Isolated at every layer of the system.
01
Database
Schema-level or row-level isolation, depending on the deployment.
02
Application
Tenant context propagates through every operation; no operation runs without it.
03
API
Tenant identification required on every request; cross-tenant calls are rejected at the boundary.
04
Configuration
Settings are tenant-scoped end to end. A change for one tenant cannot leak to another.
Authentication & RBAC
Two-factor by default. Roles you can audit. Sessions you can revoke.
01
TOTP MFA
Enforced for staff, configurable for tenants. Backup codes are single-use and stored as hashes only, so once shown they are never recoverable.
02
Role-based access
Two orthogonal scopes: platform-scope (cross-tenant, for Connecting Dots staff) and tenant-scope. Roles are named and auditable.
03
Sessions
Revocable per device. “Log out everywhere” is one click in the customer portal.
04
Rate limiting
Enforced server-side on credentials, lockouts and password reset.
Encryption & credential handling
- HTTPS / TLS only, with no plaintext transport anywhere.
- Per-tenant credential vault, encrypted at rest with distinct keys.
- Audit logs redact secrets before they're written.
Even an operator with full audit access never sees a raw credential.
Audit trail
Every transformation, every retry and every payload, captured, searchable and exportable.
The audit trail is the single source of truth for “what happened across the stack”. It captures the full lifecycle of every event: source, transformations applied, destination, retries, outcomes.
- Event taxonomy. Events are typed (ingestion, transformation, dispatch, retry, error, AI suggestion applied) so queries are precise.
- Retention. Configurable per tenant, with defaults that match GDPR retention principles.
- Exports. Trail data exports cleanly into formats your auditors accept.
- Access. Tenant-scoped and role-restricted.
AI accent: natural-language summaries explain every retry and failed transmission, so compliance teams understand the history without reading raw logs.
The audit trail: searchable history and per-event detail.
Compliance posture
We meet our obligations and we help you meet yours.
01 · Service
GDPR
Data subject access requests, retention windows, deletion workflows. The audit trail makes evidence-of-compliance an export, not a project.
02 · Service
myDATA / ΑΑΔΕ
Native flow with full audit. Every transmission is timestamped, every cross-reference between invoice and order is traceable.
03 · Service
Contractual posture
Data Processing Agreement and a current sub-processors list available on request.
Compliance solution →Want the DPA and sub-processors list?
Ask in your quotation request and we'll include it.
Get a quotation