Security at Powder Coating Logix

Last Updated: April 9, 2026

Your business data and your customers' data are the most important things you've trusted us with. Here is how we protect them.

Encryption

  • In transit: All communication between your browser and our servers is encrypted using TLS 1.2 or higher. HTTP is automatically redirected to HTTPS.
  • At rest: Databases and file storage are encrypted using AES-256 via Microsoft Azure's native encryption.
  • Passwords: Stored as bcrypt hashes — we never store or see your plain-text password.

Infrastructure

  • Hosted on Microsoft Azure — enterprise-grade cloud infrastructure with SOC 2 Type II, ISO 27001, and FedRAMP certifications.
  • Geo-redundant storage ensures your data is replicated across multiple data centers.
  • Daily automated backups with 7-day retention.

Access Controls

  • Role-based permissions: Each user in your account has a role that limits what they can see and do — Admins, Managers, Employees, Shop Floor, and Read-Only.
  • Multi-tenancy isolation: Your data is logically isolated from all other customers at the database level via row-level filtering.
  • Internal access: Platform engineers access production data only when required for support, under the principle of least privilege.

Payment Security

  • Stripe handles all payment processing. We never see, store, or transmit your card numbers — Stripe's PCI DSS Level 1 certified infrastructure handles that directly.
  • Stripe Connect is used for online invoice payments, meaning funds flow directly to your Stripe account.
  • Stripe's security details: stripe.com/docs/security

Authentication

  • Strong password requirements: Minimum 8 characters with uppercase, lowercase, digit, and special character.
  • Two-factor authentication (2FA): Available for all user accounts via authenticator app.
  • Anti-brute-force rate limiting on login and registration endpoints.
  • CSRF protection on all state-changing forms.

Monitoring & Logging

  • Structured application logging via Serilog with daily log rotation.
  • Azure Monitor provides infrastructure-level anomaly detection and alerting.
  • Audit logs record key administrative actions within your account.
  • System administrators receive real-time alerts for critical errors.

Application Security Practices

  • SQL injection prevention: All database access uses Entity Framework Core with parameterized queries.
  • XSS prevention: All user-supplied content is HTML-encoded by default via Razor's automatic escaping.
  • Content Security Policy (CSP): HTTP headers restrict which scripts and resources can load on our pages.
  • HSTS: HTTP Strict Transport Security enforced to prevent protocol downgrade attacks.
  • Secure file uploads: File type validation and path traversal protection on all upload endpoints.
  • Dependency updates: NuGet packages reviewed and updated regularly to address known vulnerabilities.

Third-Party Security

We rely on the following vendors for core functionality, each of which maintains its own security program:

  • Microsoft Azure — ISO 27001, SOC 2, FedRAMP
  • Stripe — PCI DSS Level 1
  • SendGrid / Twilio — ISO 27001, SOC 2
  • Anthropic — Enterprise AI security program

Your Responsibilities

Security is a shared responsibility. You can help protect your account by:

  • Using a strong, unique password and enabling 2FA;
  • Not sharing login credentials between users — each person should have their own account;
  • Assigning the minimum role necessary for each user's job;
  • Revoking access promptly when an employee leaves;
  • Reporting suspicious activity immediately.

Responsible Disclosure

If you believe you have found a security vulnerability in Powder Coating Logix, please report it responsibly by emailing security@powdercoatinglogix.com. We ask that you:

  • Give us reasonable time to investigate and remediate before any public disclosure;
  • Not access, modify, or delete data belonging to other users;
  • Not perform denial-of-service testing.

We will acknowledge your report within 2 business days and work with you to understand and address the issue. We appreciate responsible security research.

Questions

For security questions or concerns, contact us at security@powdercoatinglogix.com.

