RRefiner / Seychelles
Request a quote
§ · Security & compliance

Built for systems that hold real records.

Our systems carry government casework, payments and personal records, so security is part of the platform every project ships on — not an add-on negotiated later. This page describes what we actually do on every deployment. If a question isn't answered here, ask us directly and we'll answer it plainly.

01

Access control

Every user gets exactly the access their job requires and nothing more. Permissions follow roles, with per-user adjustments where a role alone is too broad.

  • Role-based permissions across every screen and record type
  • Per-user overrides for exceptions, without inventing new roles
  • Least-privilege defaults — access is granted, never assumed
  • Field-level and row-level restrictions where data is sensitive
02

Authentication

Getting in requires more than a password. Sign-in policies are enforced by the system, not left to user discipline.

  • Strong password policy enforced on every account
  • One-time codes as a second factor
  • Trusted-device checks — a new device must be verified before it gets in
  • Session limits and automatic sign-out on inactivity
03

Audit trail

Every action in the system leaves a record: who did it, what changed, and when. The history is append-only — it can be read, never rewritten.

  • Who / what / when captured on every record
  • Approvals, rejections and corrections all traceable to a person
  • Append-only history — no edits, no deletions, no gaps
  • Audit views available to authorised reviewers on demand
04

Data protection

Client data stays separate and stays encrypted in transit. Each client runs against its own database — there is no shared tenant pool where one client's data sits beside another's.

  • Encrypted transport on every connection
  • Isolated per-client databases — no shared tenants
  • Data access restricted to the client's own system and staff
05

Backups & continuity

Backups run on schedule and — more importantly — restores are actually tested. Uptime is watched from outside the system, so we know about a problem before a phone call.

  • Scheduled backups at multiple intervals
  • Restore procedures tested, not assumed
  • External uptime monitoring with alerts
  • Production error tracking so faults surface immediately
06

Responsible hosting

Systems are hosted where the client needs them, on servers we harden and maintain. Security checks are part of routine maintenance, not a one-off exercise at go-live.

  • EU or local hosting options, chosen with the client
  • Server hardening as standard on every deployment
  • Security scanning carried out during maintenance windows
  • Dependencies kept current against published vulnerabilities
Security questions? Ask us directly →