Security Overview BatchBuddy.AI

4

Security Layers

Auth, Encryption, RBAC, Hashing

100%

Data Isolation

Owner-scoped queries

235+

Automated Tests

11-suite regression guard

Fail-Closed

Design Pattern

No silent fallbacks

Security Architecture

Six pillars protecting your manufacturing data, intellectual property, and compliance posture.

Authentication & Access Control

Session & Identity Security

✓Secure session management with encrypted cookies and automatic rotation
✓Role-based access control (Formulator, Supplier, Admin, Director)
✓Team workspace isolation with permission-based sharing
✓Automatic session timeout and enhanced admin login security
✓Rate limiting with failed login detection and account lockout

API Key Security (SOC 2 Aligned)

✓API keys hashed at rest using SHA-256 (no plaintext storage)
✓Hash-only authentication lookup no plaintext fallback
✓Startup bulk migration ensures zero plaintext keys remain
✓Key prefix stored separately for identification without exposure

E-Signature Integrity (FDA Part 11)

✓HMAC-SHA256 cryptographic binding of signatures to records
✓Atomic e-signature staging fail-closed on all 14 AI write actions
✓High-stakes actions require password re-authentication
✓Tamper detection with legacy signature migration support

Application Security & Hardening

Input & Output Protection

✓CSRF protection on all forms and session-backed payment endpoints
✓XSS-hardened chat widget with dedicated sanitization functions
✓SQL injection prevention with parameterized ORM queries
✓CSV injection prevention on all spreadsheet imports
✓Server-side data redaction for team permission boundaries

Data Protection & Encryption

✓TLS encryption for all data in transit
✓Fernet encryption for sensitive data at rest
✓Secure password hashing (Werkzeug defaults, no plaintext)
✓Environment-based secret management no secrets in code

Credential Safety & Logging

✓No API keys or auth headers in application logs
✓No raw token objects logged anywhere in the codebase
✓Zero bare except blocks in security-critical files
✓Specific exception types enforced in auth, API, and security modules

Enterprise API & Rate Limiting

API Governance

✓Enterprise-only REST API with API key authentication
✓CSRF exemption for API write endpoints (token-authenticated)
✓Owner-scoped data isolation on every API endpoint
✓Idempotency key support bound to user and endpoint path
✓FDA 21 CFR Part 11 audit trail on all API write operations

Rate Limiting (Fail-Closed)

✓60 requests/minute per API key on both read and write paths
✓Fail-closed design app won't start if limiter initialization fails
✓Production-aware monitoring with loud warnings for memory-only storage
✓Configurable backend (Redis, Memcached) for multi-instance deployments

Webhook Security

✓Webhook subscription system with audit-logged create/delete
✓Machine-readable OpenAPI schema for enterprise integrations

Audit Trails & Monitoring

FDA 21 CFR Part 11 Audit Trail

✓Comprehensive logging of all user actions with UTC timestamps
✓Production run lifecycle tracking with full attribution
✓Tamper-evident log architecture with immutability controls
✓Audit service resolves actor from both session and API-key contexts

AI Copilot Safety Controls

✓14 agentic write actions with user confirmation required
✓Risk-tiered confidence thresholds (0.65 / 0.72 / 0.85)
✓Atomic e-signature staging on every AI action (fail-closed)
✓High-stakes actions (production, lot release) require password re-auth
✓Pop-before-write idempotency prevents duplicate DB commits

Data Retention & Recovery

✓6-year FDA audit log retention policy
✓Soft deletion for all user data (FDA compliance & recovery)
✓Automated daily database backups RTO < 4 hours, RPO < 24 hours

Infrastructure & Integration Security

Database Security

✓Enterprise PostgreSQL with CHECK constraints and Numeric types for financial precision
✓Database safety system with transaction integrity validation
✓Encrypted backups with geographic redundancy
✓Performance monitoring and connection pool management

Third-Party Integration Security

✓Secure OAuth 2.0 integration (QuickBooks Online)
✓PCI-compliant payment processing (Stripe)
✓Secure email delivery (Amazon SES primary, SendGrid fallback)
✓Cloud-based secure document storage with presigned URL access controls

Platform Reliability

✓Hosted on U.S.-based cloud infrastructure (GCP + AWS) production-grade (99.9%+ uptime)
✓Automated monitoring, health checks, and alerting
✓PWA with offline capabilities and versioned caching

Privacy & Intellectual Property

Data Protection

✓GDPR/CCPA compliant privacy policy and data practices
✓21 CFR Part 11-aligned record retention architecture
✓Privacy-friendly analytics with aggregated reporting
✓Explicit consent for data sharing; mandatory TOS acceptance

Intellectual Property Protection

✓Formulation data protected by owner-scoped access controls
✓Proprietary recipe protection with team-based sharing permissions
✓Supplier information segregation by account
✓Production cost data isolation per owner

Enterprise Authentication

✓Dual authentication for API key generation (session + password)
✓Password policy enforcement
✓Administrative user controls and role management

Platform Reliability & Infrastructure

U.S.-based cloud infrastructure with automated monitoring, encrypted backups, and tested disaster recovery.

99.9%+

Uptime SLA

AWS + GCP

< 4 hr

Recovery Time

RTO target

< 24 hr

Recovery Point

RPO target

Daily

Encrypted Backups

Geo-redundant

Infrastructure

✓U.S.-based infrastructure GCP (compute) + AWS US East 1 (data), both ISO 27001-certified
✓Geographic redundancy multi-region backup storage
✓Enterprise PostgreSQL with connection pool management
✓PWA with offline capabilities and versioned caching

Monitoring & Response

✓Automated health checks and real-time alerting
✓Performance monitoring and connection pool tracking
✓Formal incident response plan with defined severity levels
✓Customer notification SLA for security incidents

Data Continuity

✓Daily automated database backups encrypted at rest
✓Recovery procedures tested quarterly
✓Soft deletion for all user data (FDA compliance & recovery)
✓6-year FDA audit log retention immutable, tamper-evident

Compliance & Certifications

Mapped, documented, and verifiable controls across FDA, SOC 2, ISO 27001, and data privacy frameworks.

FDA 21 CFR Part 11

Electronic records, e-signatures, audit trails, and RBAC all 11 Subpart B controls mapped.

View Mapping

SOC 2 Readiness

30+ controls aligned with AICPA Trust Services Criteria across all 5 categories.

Download Matrix

ISO 27001 Readiness

Controls implemented against ISO/IEC 27001:2022 across all 4 Annex A themes.

View Controls

GDPR / CCPA Aligned

Data handling aligned with GDPR and CCPA principles. DPA available for Enterprise.

Automated Security Verification

Every security property is guarded by automated tests that run continuously. These tests prevent regressions and ensure the security posture is maintained.

148

Security Regression Tests

CSRF protection, owner-scoping, credential logging, exception specificity, e-signature integrity, API key hashing, atomic e-signatures, webhook auditing, idempotency, rate limiter safety, and COA audit package export integrity.

13

XSS Hardening Tests

Chat widget sanitization, template interpolation guards, payload neutralization, null/empty handling, and safe link generation.

13

Runtime Integration Tests

Live API authentication flows, hash-only key validation, enterprise tier gating, rate limiter enforcement, and Trust Center PDF generation.

24

Behavioral Security Tests

End-to-end access control flows, privilege escalation guards, tenant isolation verification, and multi-role permission boundary enforcement.

Security Overview