Security & Compliance

Built for procurement reviewers, not just for developers

iVentory is a multi-tenant platform where tenant isolation is a database invariant, not a configuration option. Here is what that means in practice — including the things we have not certified yet.

Principles

How we protect your data

Tenant isolation by design

Every database query carries a mandatory tenant_id filter enforced at the query layer via Drizzle ORM. No application logic can retrieve cross-tenant data without explicitly passing through the super-admin code path — which lives in a separate, audited module.
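The query-layer invariant described above, as an added example that is not iVentory's code: the tenant predicate is supplied by the layer itself and the only cross-tenant read is a separate function that writes an audit record before returning data. Drizzle ORM and PostgreSQL are stood in for by an in-memory table and hand-rendered parameterised SQL so it runs offline; `TenantDb`, `superAdminAllOrders`, `CROSS_TENANT_AUDIT` and the sample rows are names and values chosen for this example.

```typescript
// Added example, not iVentory's code. The tenant_id predicate is supplied by
// the query layer itself, never by the caller, and the only path that reads
// across tenants is a separate function that writes an audit record first.
// Drizzle ORM and PostgreSQL are replaced by an in-memory table and
// hand-rendered SQL so the example runs offline.

type TenantId = string & { readonly __brand: "TenantId" };

interface OrderRow {
  id: number;
  tenant_id: string;
  status: string;
}

// Constructed sample rows standing in for the orders table.
const ORDERS: OrderRow[] = [
  { id: 1, tenant_id: "t-acme", status: "open" },
  { id: 2, tenant_id: "t-acme", status: "shipped" },
  { id: 3, tenant_id: "t-globex", status: "open" },
];

interface Predicate {
  column: keyof OrderRow;
  value: string | number;
}

interface QueryResult {
  sql: string;        // what would be sent to PostgreSQL (parameterised)
  params: unknown[];
  rows: OrderRow[];   // what the in-memory stand-in returns
}

function renderSelect(preds: Predicate[]): { sql: string; params: unknown[] } {
  const where = preds.map((p, i) => `${p.column} = $${i + 1}`).join(" AND ");
  return { sql: `SELECT * FROM orders WHERE ${where}`, params: preds.map((p) => p.value) };
}

function applyPredicates(rows: OrderRow[], preds: Predicate[]): OrderRow[] {
  return rows.filter((r) => preds.every((p) => r[p.column] === p.value));
}

// One handle per request, built from the authenticated session's tenant.
class TenantDb {
  private constructor(private readonly tenantId: TenantId) {}

  static forTenant(tenantId: string): TenantDb {
    if (!/^t-[a-z0-9-]+$/.test(tenantId)) throw new Error("malformed tenant id");
    return new TenantDb(tenantId as TenantId);
  }

  // Callers add their own predicates; the tenant predicate is always first,
  // and a caller-supplied tenant_id is rejected rather than silently merged.
  orders(extra: Predicate[] = []): QueryResult {
    if (extra.some((p) => p.column === "tenant_id")) {
      throw new Error("tenant_id is set by the query layer, not by callers");
    }
    const preds: Predicate[] = [{ column: "tenant_id", value: this.tenantId }, ...extra];
    const { sql, params } = renderSelect(preds);
    return { sql, params, rows: applyPredicates(ORDERS, preds) };
  }
}

// --- super-admin path: in a real code base this lives in its own module ---
interface CrossTenantAudit {
  actor: string;
  reason: string;
  sql: string;
  at: string;
}
const CROSS_TENANT_AUDIT: CrossTenantAudit[] = [];

// The only query without a tenant predicate. It cannot run without an actor
// and a stated reason, and it records both before returning any data.
function superAdminAllOrders(actor: string, reason: string): QueryResult {
  if (!actor || !reason.trim()) throw new Error("cross-tenant read needs an actor and a reason");
  const sql = "SELECT * FROM orders";
  CROSS_TENANT_AUDIT.push({ actor, reason, sql, at: new Date().toISOString() });
  return { sql, params: [], rows: [...ORDERS] };
}
```

The point of the branded `TenantId` type and the private constructor is that application code cannot build a query handle from an arbitrary string; it has to come from the session, and the rendered SQL always carries `tenant_id = $1` as its first parameter, which is easy to assert in a test or to spot in query logs.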

Modern session security

Authentication runs on Auth.js v5 with signed JWT tokens and 12-hour sliding sessions. Password-reset flows use time-limited signed magic links. The architecture is MFA-ready; hardware-key and TOTP support is on the Phase 9F roadmap.

Encryption at rest and in transit

All traffic is TLS 1.3. Per-tenant SMTP credentials are stored with AES-256-GCM encryption. User-uploaded files land in Cloudflare R2 with EU-region storage and server-side encryption. Database backups on Hetzner (production roadmap) inherit the same controls.
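The per-tenant SMTP credential encryption mentioned above, as an added example that is not iVentory's code, using Node's built-in AES-256-GCM. The tenant id is passed as additional authenticated data, so a ciphertext copied from one tenant's row into another's fails authentication instead of decrypting; `MASTER_KEY` is a constructed constant (a real deployment would load it from a secret store), and `sealCredentials`, `openCredentials` and `SealedBlob` are names chosen for this example.

```typescript
// Added example, not iVentory's code. Encrypts a tenant's SMTP credentials
// with AES-256-GCM and binds the ciphertext to the tenant via AAD.
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Constructed 32-byte key for the example only; never hard-code a real key.
const MASTER_KEY: Buffer = Buffer.from(
  "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
  "hex",
);

interface SmtpCredentials {
  host: string;
  port: number;
  user: string;
  password: string;
}

// What gets stored in the tenant's row: nonce, tag and ciphertext, base64.
interface SealedBlob {
  v: 1;
  iv: string;
  tag: string;
  ct: string;
}

// The AAD ties the blob to one tenant and one purpose without being secret.
function aadFor(tenantId: string): Buffer {
  return Buffer.from(`smtp-credentials:${tenantId}`, "utf8");
}

function sealCredentials(tenantId: string, creds: SmtpCredentials, key: Buffer = MASTER_KEY): SealedBlob {
  const iv = randomBytes(12); // 96-bit nonce, fresh for every encryption under this key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aadFor(tenantId));
  const ct = Buffer.concat([cipher.update(JSON.stringify(creds), "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  return { v: 1, iv: iv.toString("base64"), tag: tag.toString("base64"), ct: ct.toString("base64") };
}

// Throws if the key, nonce, tag, ciphertext or tenant id do not match:
// the tag check happens in final(), before any plaintext is returned.
function openCredentials(tenantId: string, blob: SealedBlob, key: Buffer = MASTER_KEY): SmtpCredentials {
  if (blob.v !== 1) throw new Error("unsupported blob version");
  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(blob.iv, "base64"));
  decipher.setAAD(aadFor(tenantId));
  decipher.setAuthTag(Buffer.from(blob.tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, "base64")), decipher.final()]);
  return JSON.parse(pt.toString("utf8")) as SmtpCredentials;
}
```

The version field in the blob is what makes key rotation tractable later: a new key or AAD layout gets `v: 2`, and the reader can choose the right key without guessing.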

Audit trail you can export

Order changes, status transitions, recall initiations, and login events are written to a tamper-resistant audit log. Your compliance team can export the full trail as a GoBD-compliant PDF — structured for an auditor, not a developer.

EU data residency

Application infrastructure runs on Vercel's EU regions. The production database is planned for Hetzner in Germany (Frankfurt data center), keeping primary data under German jurisdiction. Cloudflare R2 file storage is pinned to EU-only routing.

Infrastructure

What runs under the hood

Hosting
Vercel (EU regions, current). Hetzner self-hosted database on roadmap for production — keeping primary data in Germany.
Database
PostgreSQL via Drizzle ORM. Neon (serverless Postgres) in development; Hetzner-hosted PostgreSQL planned for production with full data-residency control.
Authentication
Auth.js v5 — JWT sessions (12-hour sliding window), signed magic-link resets, credentials provider. MFA integration point available in v5.
Frontend
Next.js 16 (App Router) + React 19. Server Components are the default; client-side JS surfaces are minimized and audited per change.
File storage
Cloudflare R2 with EU-region bucket pinning. Server-side encryption on all objects. Access via signed, time-limited URLs — no public bucket exposure.
Email
Nodemailer with per-tenant SMTP configuration. Tenant credentials are stored AES-256-GCM encrypted. No shared relay; each tenant's email runs through their own mail server.
Monitoring
Vercel Analytics for request-level observability. Application-layer audit trail covers all data-change events with actor, timestamp, and before/after state.
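The two signed, time-limited artefacts listed above, magic-link password resets (Authentication) and file URLs (File storage), share one mechanism: an HMAC over the fields that matter plus an expiry, checked with a constant-time comparison before the expiry is even looked at. This added example is not iVentory's code; it uses a constructed signing key, a constructed hostname, and names (`signedFileUrl`, `verifyFileUrl`, `issueResetToken`, `consumeResetToken`) chosen for the example. The reset token additionally carries a single-use id so a link cannot be replayed after it has been consumed.

```typescript
// Added example, not iVentory's code. HMAC-signed, time-limited file URLs
// and single-use password-reset tokens built on the same primitive.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Constructed key for the example only.
const SIGNING_KEY: Buffer = Buffer.from("constructed-signing-key-not-for-real-use", "utf8");

function sign(message: string, key: Buffer): string {
  return createHmac("sha256", key).update(message).digest("base64url");
}

// Length check first, then a constant-time comparison of the bytes.
function constantTimeEqual(a: string, b: string): boolean {
  const ab = Buffer.from(a, "utf8");
  const bb = Buffer.from(b, "utf8");
  return ab.length === bb.length && timingSafeEqual(ab, bb);
}

// --- signed file URLs: method, tenant, object key and expiry are all MACed ---
function fileMessage(tenantId: string, objectKey: string, exp: number): string {
  return `GET\n${tenantId}\n${objectKey}\n${exp}`;
}

function signedFileUrl(tenantId: string, objectKey: string, ttlSeconds: number, now = Date.now(), key = SIGNING_KEY): string {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const sig = sign(fileMessage(tenantId, objectKey, exp), key);
  // Hostname is constructed for the example.
  return `https://files.example.invalid/${encodeURIComponent(tenantId)}/${encodeURIComponent(objectKey)}?exp=${exp}&sig=${sig}`;
}

function verifyFileUrl(url: string, now = Date.now(), key = SIGNING_KEY): { ok: boolean; reason?: string } {
  const u = new URL(url);
  const [, tenantId, objectKey] = u.pathname.split("/").map(decodeURIComponent);
  if (!tenantId || !objectKey) return { ok: false, reason: "bad path" };
  const expRaw = u.searchParams.get("exp");
  if (expRaw === null || !/^\d+$/.test(expRaw)) return { ok: false, reason: "missing expiry" };
  const exp = Number(expRaw);
  const sig = u.searchParams.get("sig") ?? "";
  // Signature before expiry: an unsigned request learns nothing about timing.
  if (!constantTimeEqual(sig, sign(fileMessage(tenantId, objectKey, exp), key))) return { ok: false, reason: "bad signature" };
  if (Math.floor(now / 1000) >= exp) return { ok: false, reason: "expired" };
  return { ok: true };
}

// --- magic-link reset tokens: signed claims plus a single-use id ---
interface ResetClaims {
  sub: string;                // user id
  purpose: "password-reset";  // prevents use of the token for anything else
  exp: number;                // unix seconds
  jti: string;                // random id, consumed on first use
}
const consumedJti = new Set<string>(); // in-memory stand-in for a database column

function issueResetToken(userId: string, ttlSeconds: number, now = Date.now(), key = SIGNING_KEY): string {
  const claims: ResetClaims = {
    sub: userId,
    purpose: "password-reset",
    exp: Math.floor(now / 1000) + ttlSeconds,
    jti: randomBytes(16).toString("hex"),
  };
  const body = Buffer.from(JSON.stringify(claims), "utf8").toString("base64url");
  return `${body}.${sign(body, key)}`;
}

// Returns the user id on success, null on any failure; marks the token used.
function consumeResetToken(token: string, now = Date.now(), key = SIGNING_KEY): string | null {
  const [body, sig] = token.split(".");
  if (!body || !sig || !constantTimeEqual(sig, sign(body, key))) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) as ResetClaims;
  if (claims.purpose !== "password-reset" || Math.floor(now / 1000) >= claims.exp) return null;
  if (consumedJti.has(claims.jti)) return null; // replayed link
  consumedJti.add(claims.jti);
  return claims.sub;
}
```

Covering the method and tenant id in the MAC is what stops a valid URL for one object being rewritten to point at another tenant's object; the expiry alone would not prevent that.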
Compliance Roadmap

Honest status, not wishful branding

We list only what is live, what is in active development, and what is on a named roadmap phase. "Planned" means the design decision is made and funded — not that we added it to a slide deck.

  • Live

    EAA / WCAG 2.1 AA

    All customer-facing UI meets WCAG 2.1 AA as a baseline, enforced via ADR 2026-05-12-04. Accessibility is not a future remediation project — it is the starting state of every new component.

  • Live

    GoBD audit trail

    The audit log structure satisfies German GoBD requirements for tamper-evident digital records. Every order, status change, and recall is timestamped with actor identity and exportable as a structured PDF.

  • In progress

    NIS2 — access control and incident log

    NIS2 access-control granularity, incident event logging, and supplier security scoring are in active development as part of Phase 9F. They are expected to be available as a compliance-module add-on.

  • In progress

    Pharma vertical — FSA / EFPIA / GxP

    Phase 9E delivers EFPIA disclosure tracking, FSA-Kodex value thresholds, and a GxP validation documentation package. Targeted at pharma and medtech compliance buyers as a Stream C add-on.

  • Planned

    eIDAS 2.0 — qualified signatures

    Legally valid electronic delivery receipts and qualified signatures on high-value item handoffs, valid across the EU. Planned for Phase 9E alongside the pharma vertical.

  • Planned

    CSRD / Scope-3 branded merchandise reporting

    Automatic aggregation of branded merchandise spend and estimated emissions for CSRD annual reporting, covering the full supply chain within the platform. Planned for Phase 9F.

  • Planned

    SOC 2 Type II

    SOC 2 Type II audit is on the roadmap as iVentory expands into enterprise and regulated-industry accounts. No audit has been initiated yet — we will not claim it until it is complete.

FAQ

Security questions

  • Where is the data hosted?

    Application workloads run on Vercel's EU regions. File storage (user uploads, design images) is on Cloudflare R2 with EU-region pinning and server-side encryption. The production database is planned for a Hetzner server in Germany, keeping your primary data under German jurisdiction. Development environments use Neon (serverless Postgres, EU region).

  • Can I export everything for compliance?

    Yes. The audit log covers all order events, status changes, recall initiations, and login events. You can export the full trail as a GoBD-structured PDF at any time — no support ticket required. Inventory data, employee issuance records, and asset histories are also exportable in structured formats.

  • Do you have a Data Processing Agreement (DPA)?

    Yes. A standard DPA is available on request and is a prerequisite for all Professional and above subscriptions. Enterprise agreements include a custom DPA covering subprocessor lists, retention periods, and jurisdiction commitments. Contact us to receive the current DPA document before signing.

  • What is your incident response process?

    Any confirmed data-security incident triggers notification to affected tenant administrators within 72 hours, in line with GDPR Article 33 obligations. We maintain an internal incident log with timestamped response actions. Tenant administrators receive a written incident summary including scope, root cause, and remediation steps.

  • Who has access to the production database?

    Production database access is restricted to named personnel with a documented business need. Credentials are not shared or stored in plain text. All direct database access is logged. No third-party integrations have unrestricted access to production data; external connections go through the application API layer with tenant-scoped credentials.

  • Can I run iVentory on my own infrastructure?

    Not in the current release. iVentory is a managed SaaS platform. For enterprise customers with strict data-sovereignty requirements, the Hetzner production-database roadmap (keeping primary data in Germany) is the current answer. Self-hosted deployment is not on the current roadmap but is an active architectural consideration for regulated-industry verticals.

  • What is the data retention policy?

    Active tenant data is retained for the duration of the subscription plus 90 days after cancellation, giving you time to export. Audit logs are retained for ten years to satisfy GoBD requirements. Deleted records are hard-deleted from primary storage within 30 days; backup copies are purged on the following backup cycle, typically within 7 days.

Security questions before you sign? We expect them.

Send us your security questionnaire or DPA requirements. We respond to procurement review requests within one business day.