🔐 Authentication & Access Control
VynDeal uses industry-standard authentication that is measurably more secure than most enterprise software.
🔑 bcrypt-12 Password Hashing
All passwords hashed with bcrypt at cost factor 12. This means a brute-force attack on a stolen password hash would take decades on modern hardware. Your users' passwords are never stored in plain text — not even we can read them.
🎟️ JWT Authentication
JSON Web Tokens with cryptographic signing. Every API request carries a signed token that is verified server-side. Tokens expire after 7 days. A token cannot be forged without the signing key, which is stored securely in environment variables — never in code.
🚦 Rate Limiting
Login endpoint: maximum 10 attempts per IP per 15 minutes. After that, locked out automatically. This prevents brute-force password attacks — even with a list of known email addresses, an attacker cannot guess passwords at scale.
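The lockout policy stated above (10 attempts per IP per 15 minutes), written out as an added example; this is not VynDeal's code. It is a sliding-window counter with an injectable clock so the behaviour can be checked deterministically; the class and method names are this example's own, and the IP addresses in the demo are constructed.

```javascript
// Added example (not VynDeal's code): a per-IP sliding-window limiter
// for the stated policy of 10 login attempts per IP per 15 minutes.
const WINDOW_MS = 15 * 60 * 1000;
const MAX_ATTEMPTS = 10;

class LoginRateLimiter {
  // `now` is injectable so tests can drive the clock; defaults to wall time.
  constructor({ windowMs = WINDOW_MS, maxAttempts = MAX_ATTEMPTS, now = () => Date.now() } = {}) {
    this.windowMs = windowMs;
    this.maxAttempts = maxAttempts;
    this.now = now;
    this.attempts = new Map(); // ip -> timestamps (ms) of attempts inside the window
  }

  // Drop timestamps older than the window so memory stays bounded.
  prune(ip, t) {
    const list = (this.attempts.get(ip) || []).filter((ts) => t - ts < this.windowMs);
    if (list.length === 0) this.attempts.delete(ip); else this.attempts.set(ip, list);
    return list;
  }

  // Record one login attempt from `ip`.
  // Returns { allowed, remaining, retryAfterMs }; retryAfterMs is what a
  // Retry-After header should carry when the request is rejected.
  attempt(ip) {
    const t = this.now();
    const list = this.prune(ip, t);
    if (list.length >= this.maxAttempts) {
      const retryAfterMs = this.windowMs - (t - list[0]); // list[0] is the oldest attempt
      return { allowed: false, remaining: 0, retryAfterMs };
    }
    list.push(t);
    this.attempts.set(ip, list);
    return { allowed: true, remaining: this.maxAttempts - list.length, retryAfterMs: 0 };
  }
}

// Constructed demo: 11 attempts from one address at one-second intervals.
function demo() {
  let clock = 0;
  const limiter = new LoginRateLimiter({ now: () => clock });
  const outcomes = [];
  for (let i = 0; i < 11; i++) {
    outcomes.push(limiter.attempt('203.0.113.7').allowed);
    clock += 1000;
  }
  return outcomes; // ten true, then false
}

console.log(demo());
```

Two design notes. The in-memory Map only works for a single server process; behind a load balancer the counters belong in a shared store so every instance sees the same count. And a per-IP limit on its own says nothing about many addresses each trying a few passwords against one account, so it is normally paired with a per-account counter.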
👥 Role-Based Access Control
Sales Rep, Regional Manager, Admin, Super Admin. Each role sees only the data they need. A rep cannot access another territory's leads. A manager cannot access another company's data. Access enforced server-side, not just in the UI.
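An added example (not VynDeal's code) of a server-side authorisation check for the four roles named above. The rules that are on the page are: a rep sees only their own territory, a manager never crosses company boundaries, and access is decided on the server. Everything else is an assumption of this example: the field names `clientId`, `territory` and `territories`, the role string values, and the choice that a regional manager covers a list of territories within their own company and an admin covers their whole company.

```javascript
// Added example (not VynDeal's code). Role names come from the page; the
// field names and the exact scope of each role are this example's assumptions.
const ROLES = Object.freeze({
  SALES_REP: 'sales_rep',
  REGIONAL_MANAGER: 'regional_manager',
  ADMIN: 'admin',
  SUPER_ADMIN: 'super_admin',
});

// Decide on the server whether `user` may read `lead`. Returns the decision
// together with the rule that produced it, so it can be audit-logged.
function canReadLead(user, lead) {
  // Tenant boundary first: no role short of super admin crosses companies.
  if (user.role !== ROLES.SUPER_ADMIN && user.clientId !== lead.clientId) {
    return { allowed: false, rule: 'tenant-boundary' };
  }
  switch (user.role) {
    case ROLES.SUPER_ADMIN:
      return { allowed: true, rule: 'super-admin' };
    case ROLES.ADMIN:
      return { allowed: true, rule: 'admin-within-tenant' };
    case ROLES.REGIONAL_MANAGER:
      // Assumption: a manager covers a set of territories in their own company.
      return Array.isArray(user.territories) && user.territories.includes(lead.territory)
        ? { allowed: true, rule: 'manager-region' }
        : { allowed: false, rule: 'outside-region' };
    case ROLES.SALES_REP:
      return user.territory === lead.territory
        ? { allowed: true, rule: 'rep-own-territory' }
        : { allowed: false, rule: 'outside-territory' };
    default:
      // Unknown or missing role: deny rather than fall through to a permissive branch.
      return { allowed: false, rule: 'unknown-role' };
  }
}

// Apply the same rule to a list, e.g. before serialising a search result.
function visibleLeads(user, leads) {
  return leads.filter((lead) => canReadLead(user, lead).allowed);
}

// Constructed sample data.
const sampleLeads = [
  { id: 1, clientId: 'c1', territory: 'north' },
  { id: 2, clientId: 'c1', territory: 'south' },
  { id: 3, clientId: 'c2', territory: 'north' },
];
const rep = { role: ROLES.SALES_REP, clientId: 'c1', territory: 'north' };
console.log(visibleLeads(rep, sampleLeads).map((l) => l.id)); // [1]
```

Because the filter runs over the same function as the single-record check, a list endpoint and a detail endpoint cannot drift apart in what they expose, which is the usual way "hidden in the UI but fetchable by id" bugs appear.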
🏗️ Data Isolation — No Client Can See Another Client's Data
This is the most critical security requirement for a multi-tenant SaaS. VynDeal enforces data isolation at three independent layers.
JWT Payload Isolation
Every JWT contains the user's client_id. Every API request carries this token. The server reads client_id from the verified token — not from the request body, where a user could manipulate it.
Middleware Enforcement
Authentication middleware enforces client_id on every API call. Even if a route developer forgets to add it, the middleware catches it. Defence in depth — not relying on any single developer's diligence.
Database WHERE Clause
Every database query includes WHERE client_id = $X using parameterised queries. SQL injection is prevented. Even a compromised application layer cannot retrieve another tenant's data without the correct client_id.
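The Middleware Enforcement and Database WHERE Clause layers above, as one added example (not VynDeal's code): a middleware step that attaches the tenant id from the already-verified token and refuses to continue without it, and a query builder that every data access goes through, which always emits `client_id = $1` as a bound parameter and never interpolates caller input. The table and column names, the `req.auth` shape and the filter allow-list are assumptions of this example; the sample request is constructed.

```javascript
// Added example (not VynDeal's code). Table/column names, req.auth shape and
// the filter allow-list are assumptions.
const TENANT_TABLES = new Set(['leads', 'contacts', 'deals']);
const ALLOWED_FILTER_COLUMNS = new Set(['status', 'territory', 'owner_id']);

// Middleware layer: req.auth is assumed to hold the claims of a token that
// has already been verified. Copy client_id onto the request so that no
// route handler can run without a tenant context.
function requireTenant(req) {
  const clientId = req.auth && req.auth.client_id;
  if (typeof clientId !== 'string' || clientId === '') {
    return { ok: false, status: 401 };
  }
  req.tenantId = clientId;
  return { ok: true };
}

// Query layer: a parameterised SELECT whose WHERE clause always starts with
// client_id = $1. Filter columns are allow-listed by name; filter values are
// appended to the parameter array, never placed in the SQL text.
function tenantSelect(req, table, filters = {}) {
  if (!TENANT_TABLES.has(table)) throw new Error(`unknown tenant table: ${table}`);
  if (typeof req.tenantId !== 'string' || req.tenantId === '') {
    throw new Error('tenant context missing: requireTenant was not applied');
  }
  const values = [req.tenantId];
  const where = ['client_id = $1'];
  for (const [column, value] of Object.entries(filters)) {
    if (!ALLOWED_FILTER_COLUMNS.has(column)) throw new Error(`filter column not allowed: ${column}`);
    values.push(value);
    where.push(`${column} = $${values.length}`);
  }
  // Shape matches what node-postgres style clients accept: { text, values }.
  return { text: `SELECT * FROM ${table} WHERE ${where.join(' AND ')}`, values };
}

// Constructed demo: the body claims another tenant, the token wins.
function demo() {
  const req = { auth: { client_id: 'acme' }, body: { client_id: 'other' } };
  if (!requireTenant(req).ok) throw new Error('unauthenticated');
  return tenantSelect(req, 'leads', { status: 'open' });
}

console.log(demo());
// { text: 'SELECT * FROM leads WHERE client_id = $1 AND status = $2', values: [ 'acme', 'open' ] }
```

Routing every read through `tenantSelect` is what makes the "even if a route developer forgets" claim checkable: a code search for raw query strings outside this module is the review step that keeps the guarantee.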
🔒 Transport Security
TLS Encryption
All traffic encrypted using TLS. HTTPS enforced across the entire platform — no HTTP fallback. Data in transit between your browser and VynDeal servers is encrypted and cannot be intercepted by third parties.
HTTP Security Headers
VynDeal sends all recommended security headers on every response: X-Content-Type-Options (prevents MIME sniffing), X-Frame-Options (prevents clickjacking), X-XSS-Protection, Referrer-Policy, and Permissions-Policy.
🏭 Infrastructure Security
🗄️ Database Encryption
PostgreSQL database with encryption at rest. All customer data, leads, contacts, and financial information encrypted using AES-256. Even physical server access cannot reveal customer data.
💾 Daily Backups
Automated daily database backups with 30-day retention. Backups stored separately from primary server. Point-in-time recovery available. Your data is never lost — even in catastrophic server failure.
🚫 Brute Force Protection
fail2ban active on server level. SSH key-only access — password authentication disabled. Automated blocking of repeated failed access attempts at network level before they reach the application.
🔐 Secrets Management
All secrets (JWT keys, database passwords, API keys) stored in environment variables. Never in source code. Never in logs. Source code can be made public without exposing credentials.
📝 Parameterised Queries
Every database query uses parameterised statements — the gold standard for SQL injection prevention. User input is never directly interpolated into SQL. OWASP Top 10 SQL injection risk: eliminated.
🌐 CORS Protection
API access restricted to authorised origins only (vyndeal.com, app.vyndeal.com). External websites cannot make API calls on behalf of your users. Protects against cross-site request forgery attacks.
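The HTTP Security Headers and CORS Protection sections are both about what goes on every response, so one added example (not VynDeal's code) covers them: a function that returns the five headers listed on the page plus CORS headers, which are granted only to an exact match against the two origins named above. The header values, the `https://` scheme on the allowed origins, and the helper names are this example's choices. Two additions beyond the page's list are labelled in the code: `Strict-Transport-Security`, which is the header that makes browsers honour the "no HTTP fallback" stated under Transport Security, and the value `0` for `X-XSS-Protection`, which is what OWASP currently recommends because the legacy browser filter it controlled could itself be abused.

```javascript
// Added example (not VynDeal's code): security + CORS response headers with
// an exact-match origin allow-list. Values are this example's choices.
const ALLOWED_ORIGINS = new Set(['https://vyndeal.com', 'https://app.vyndeal.com']);

const SECURITY_HEADERS = Object.freeze({
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  // Header listed on the page; '0' (disable) is the current OWASP recommendation.
  'X-XSS-Protection': '0',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
  // Not in the page's list; added as the header that enforces HTTPS-only in browsers.
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
});

// CORS headers only for an exact allow-list hit. Prefix, suffix or regex
// matching would also accept unrelated hosts whose name merely contains
// "vyndeal.com", so compare the whole origin string.
function corsHeadersFor(origin) {
  if (typeof origin !== 'string' || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Vary': 'Origin', // the allowed origin is echoed, so caches must key on it
    'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
    'Access-Control-Allow-Headers': 'Authorization, Content-Type',
  };
}

// Everything a response should carry, given the request's Origin header (if any).
function responseHeaders(requestOrigin) {
  return { ...SECURITY_HEADERS, ...corsHeadersFor(requestOrigin) };
}

// Check a captured response's headers (names compared case-insensitively)
// and report which of the expected security headers are absent. Useful as a
// deployment smoke test against a live endpoint.
function missingSecurityHeaders(headers) {
  const present = new Set(Object.keys(headers).map((k) => k.toLowerCase()));
  return Object.keys(SECURITY_HEADERS).filter((name) => !present.has(name.toLowerCase()));
}

// Constructed demo: an allowed origin, a look-alike, and a plain-HTTP origin.
console.log(responseHeaders('https://app.vyndeal.com')['Access-Control-Allow-Origin']); // https://app.vyndeal.com
console.log(responseHeaders('https://vyndeal.com.example')['Access-Control-Allow-Origin']); // undefined
console.log(responseHeaders('http://vyndeal.com')['Access-Control-Allow-Origin']); // undefined
```

Note what CORS does and does not give here: with the token sent in an `Authorization` header, a cross-origin request from a non-listed origin is stopped at the browser's preflight, which is the protection the section describes. If the session were ever moved to a cookie, CORS alone would no longer be enough and a CSRF token or `SameSite` cookie attribute would be needed as well.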
📋 Compliance
GDPR Compliant
Right to erasure, data export, consent tracking, privacy policy, cookie consent. VynDeal is fully GDPR compliant for European customers and employees.
SOC2 Ready
Infrastructure and processes designed to SOC2 standards. Audit logging on all data access. Access controls documented. SOC2 Type II certification in progress.
India PDPB Ready
Aligned with India's Personal Data Protection Bill requirements. Data processing consent, privacy notices, and data principal rights all implemented.
Your sales data deserves airline-grade protection
VynDeal is the only CRM that combines manufacturing-specific features with enterprise security standards at a price Indian SMBs can afford.