Tenant isolation enforced at the database engine. An immutable audit log that rejects tampering by design. No marketing claims without technical backing.
CSP enforced, no unsafe-eval in production, HTTPS only
Server-side rendered actions, RBAC middleware, rate limiting
Row-Level Security on every table, tenant isolation at query level
Industry-standard JWT authentication. Session management server-side. No credentials in application code.
29 granular permissions across 3 role levels. Checked at both application and database layers.
Every database query is filtered by tenant ID through PostgreSQL Row-Level Security policies. User A cannot read, write, or detect Tenant B's data.
Once written, audit log entries cannot be modified or deleted. Enforced by database-level policies and triggers that reject UPDATE and DELETE.
Production deployments enforce strict CSP headers: no unsafe-eval, no unsafe-inline for scripts, frame-ancestors set to none.
Enterprise-grade cloud infrastructure with point-in-time recovery and daily snapshots. Data residency options available for enterprise deployments.
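A minimal PostgreSQL sketch of the two database-level controls described above, tenant isolation through Row-Level Security and an audit log that rejects UPDATE and DELETE. It is an added example, not Reliatic's schema. The table names, the trigger function and the `app.tenant_id` session setting are all hypothetical.

```sql
-- Hypothetical schema: table names and the app.tenant_id setting are assumptions.
CREATE TABLE inspections (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    asset_tag text NOT NULL
);

-- USING filters what a session can see; WITH CHECK rejects writes into another
-- tenant. FORCE applies the policy to the table owner as well.
ALTER TABLE inspections ENABLE ROW LEVEL SECURITY;
ALTER TABLE inspections FORCE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON inspections
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

CREATE TABLE audit_log (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    actor      text NOT NULL,
    action     text NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);

CREATE FUNCTION audit_log_reject_change() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % rejected', TG_OP;
END;
$$;

-- Row triggers stop UPDATE and DELETE; TRUNCATE fires no row triggers,
-- so it needs its own statement-level trigger.
CREATE TRIGGER audit_log_no_update_delete
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_reject_change();
CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_reject_change();

-- Only SELECT and INSERT policies exist, so RLS gives UPDATE and DELETE no rows.
ALTER TABLE audit_log ENABLE ROW LEVEL SECURITY;
ALTER TABLE audit_log FORCE ROW LEVEL SECURITY;
CREATE POLICY audit_read ON audit_log FOR SELECT
    USING (tenant_id = current_setting('app.tenant_id')::uuid);
CREATE POLICY audit_append ON audit_log FOR INSERT
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Per request, inside a transaction (constructed tenant id):
-- SET LOCAL app.tenant_id = '00000000-0000-0000-0000-000000000001';
```

If `app.tenant_id` is unset, `current_setting` raises an error and the query fails closed. Superusers and roles with BYPASSRLS skip the policies, and the table owner can disable triggers, so the application should connect as a separate unprivileged role.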
Security issues are acknowledged within one business day.
Data exposure or tenant isolation bypass issues are treated as P0.
Report security concerns directly. No bug bounty program at this time.
Reliatic is designed to support compliance with these standards. We do not claim certification or replace professional assessments.
| Standard | What Reliatic Supports | What It Does Not Do |
|---|---|---|
| API 580 / 581 | Risk ranking documentation, inspection scheduling evidence, approval workflows | Does not replace a certified RBI study or qualified analyst |
| ISO 55000 | Decision traceability, asset register governance, review cadence enforcement, lifecycle cost analysis with NPV | Is not a full EAM/ERP system (integrates with SAP PM, Maximo) |
| ISO 31000 | Risk identification, acceptance workflows, Monte Carlo simulation for risk quantification, sensitivity analysis | Does not replace domain-specific QRA or bowtie analysis |
| IEC 60812 | FMEA worksheets with S/O/D scoring, RPN calculation, action tracking, Weibull reliability modeling, failure rate prediction | Does not replace physics-of-failure modeling for novel failure modes |
| NORSOK Z-008 | Risk register, review trails, and escalation records aligned with Z-008 governance principles | Does not implement Z-008 consequence classification methodology or operational control system integration |
How your inspection and asset data is stored, protected, and managed throughout its lifecycle.
Hosted on Supabase-managed PostgreSQL running on AWS infrastructure. Production databases run in isolated VPCs with no public internet exposure.
AES-256 encryption at rest for all stored data. TLS 1.3 enforced for all data in transit. No unencrypted connections are accepted by the platform.
Daily automated backups with 30-day retention. Point-in-time recovery available for enterprise deployments. Backups are encrypted and stored in a separate availability zone.
Full data purge within 30 days of contract cancellation. All tenant data, backups, and derived analytics are permanently removed. Deletion is confirmed in writing.
Full support for data subject rights: access, rectification, erasure, and portability. Requests are processed within the regulatory timeframe and logged in the audit trail.
Your data is always exportable. Full tenant export in standard formats (CSV, JSON) available on demand. No vendor lock-in — if you leave, your data leaves with you.
Most vendors only tell you what they do. Here is what we do not do — because transparency is a security property, not a marketing tactic.
We are not yet SOC 2 certified. Our platform is built with SOC 2-aligned controls and we are preparing for a formal Type I assessment.
We do not replace qualified engineers. Reliatic is a governance tool, not an engineering calculation engine.
We do not guarantee regulatory compliance. We provide the evidence trail — your organization owns the compliance program.
We do not offer on-premise deployment. Reliatic is cloud-only, hosted on enterprise-grade managed infrastructure.
We do not store or process payment card data. Billing is managed internally with no card data retained.
We do not provide uptime SLAs on the Starter plan. Enterprise customers receive contractual SLAs.
Reliatic is a governance tool, not an engineering judgment replacement. The platform calculates risk scores, recommends inspection intervals, and enforces approval workflows — but every recommendation passes through a qualified engineer before it becomes a decision.
When the system recommends extending an inspection interval from 12 months to 24 months based on quantitative risk analysis, a human engineer must review the recommendation, assess the site-specific context that the algorithm cannot capture (operational changes, process upsets, environmental factors), and approve or override the recommendation with a written justification.
This separation of calculation and judgment is deliberate. Algorithms excel at processing large datasets consistently. Engineers excel at contextual judgment. Reliatic ensures both capabilities are applied to every decision, and that the combination is permanently recorded.
Schedule a technical deep-dive where we walk through tenant isolation, audit log immutability, and access controls using your security requirements.