Security Overview BatchBuddy.AI

On the scope of GMP Native controls: The security and compliance controls described on this page govern the software and data layer. They do not cover physical-plant GMP requirements, equipment qualification, facility design, or personnel training obligations at your organization. Learn what GMP Native means and what it does not cover.

4

Security Layers

Auth, Encryption, RBAC, Hashing

100%

Data Isolation

Owner-scoped queries

235+

Automated Tests

11-suite regression guard

Fail-Closed

Design Pattern

No silent fallbacks

Security Architecture

Six pillars protecting your manufacturing data, intellectual property, and compliance posture.

Authentication & Access Control

Session & Identity Security

✓Secure session management (server-side storage, HttpOnly + Secure + SameSite=Lax cookie flags)
✓Role-based access control (Formulator, Supplier, Admin, Director)
✓Team workspace isolation with permission-based sharing
✓Automatic session timeout and enhanced admin login security
✓Rate limiting with failed login detection and account lockout

API Key Security (SOC 2 Aligned)

✓API keys hashed at rest using SHA-256 (no plaintext storage)
✓Hash-only authentication lookup no plaintext fallback
✓All API keys stored as cryptographic hashes with no plaintext retention
✓Key prefix stored separately for identification without exposure

E-Signature Integrity (FDA Part 11)

✓HMAC-SHA256 cryptographic binding of signatures to records
✓Atomic e-signature staging fail-closed on all 14 AI write actions
✓High-stakes actions require password re-authentication
✓Tamper detection with backward-compatible signature verification

Application Security & Hardening

Input & Output Protection

✓CSRF protection on all forms and session-backed payment endpoints
✓XSS-hardened chat widget with dedicated sanitization functions
✓SQL injection prevention with parameterized ORM queries
✓CSV injection prevention on all spreadsheet imports
✓Server-side data redaction for team permission boundaries

Data Protection & Encryption

✓TLS encryption for all data in transit
✓Fernet encryption for sensitive data at rest
✓Secure password hashing (industry-standard algorithm, no plaintext)
✓Environment-based secret management no secrets in code

Credential Safety & Logging

✓No API keys or auth headers in application logs
✓No raw token objects logged anywhere in the codebase
✓Zero bare except blocks in security-critical files
✓Specific exception types enforced in auth, API, and security modules

Enterprise API & Rate Limiting

API Governance

✓Enterprise-only REST API with API key authentication
✓CSRF exemption for API write endpoints (token-authenticated)
✓Owner-scoped data isolation on every API endpoint
✓Idempotency key support bound to user and endpoint path
✓FDA 21 CFR Part 11 audit trail on all API write operations

Rate Limiting (Fail-Closed)

✓Per-key rate limiting on both read and write paths
✓Fail-closed design app won't start if limiter initialization fails
✓Production-aware monitoring with deployment configuration alerting
✓Configurable distributed backend for multi-instance deployments

Webhook Security

✓Webhook subscription system with audit-logged create/delete
✓Machine-readable OpenAPI schema for enterprise integrations

Audit Trails & Monitoring

FDA 21 CFR Part 11 Audit Trail

✓Comprehensive logging of all user actions with UTC timestamps
✓Production run lifecycle tracking with full attribution
✓Tamper-evident log architecture with immutability controls
✓Audit service resolves actor from both session and API-key contexts

AI Copilot Safety Controls

✓14 agentic write actions with user confirmation required
✓Risk-tiered confidence thresholds — low / medium / high-stakes actions
✓Atomic e-signature staging on every AI action (fail-closed)
✓High-stakes actions (production, lot release) require password re-auth
✓Idempotency controls prevent duplicate action execution

Data Retention & Recovery

✓6-year FDA audit log retention policy
✓Soft deletion for all user data (FDA compliance & recovery)
✓Automated daily database backups RTO < 4 hours, RPO < 24 hours

Infrastructure & Integration Security

Database Security

✓Enterprise PostgreSQL with CHECK constraints and Numeric types for financial precision
✓Database safety system with transaction integrity validation
✓Encrypted backups with geographic redundancy
✓Performance monitoring and connection pool management

Third-Party Integration Security

✓Secure OAuth 2.0 integration (QuickBooks Online)
✓PCI-compliant payment processing (Stripe)
✓Secure email delivery via SOC 2-certified transactional provider
✓Cloud-based secure document storage with presigned URL access controls

Platform Reliability

✓Hosted on U.S.-based cloud infrastructure (AWS US-East-1) production-grade (99.9%+ uptime)
✓Automated monitoring, health checks, and alerting
✓PWA with offline capabilities and versioned caching

Privacy & Intellectual Property

Data Protection

✓GDPR/CCPA compliant privacy policy and data practices
✓21 CFR Part 11-aligned record retention architecture
✓Privacy-friendly analytics with aggregated reporting
✓Explicit consent for data sharing; mandatory TOS acceptance

Intellectual Property Protection

✓Formulation data protected by owner-scoped access controls
✓Proprietary recipe protection with team-based sharing permissions
✓Supplier information segregation by account
✓Production cost data isolation per owner

Enterprise Authentication

✓Dual authentication for API key generation (session + password)
✓Password policy enforcement
✓Administrative user controls and role management

Platform Reliability & Infrastructure

U.S.-based cloud infrastructure with automated monitoring, encrypted backups, and tested disaster recovery.

99.9%+

Uptime SLA

AWS US-East-1

< 4 hr

Recovery Time

RTO target

< 24 hr

Recovery Point

RPO target

Daily

Encrypted Backups

Geo-redundant

Infrastructure

✓U.S.-based infrastructure AWS US-East-1, ISO 27001-certified
✓Geographic redundancy multi-region backup storage
✓Enterprise PostgreSQL with connection pool management
✓PWA with offline capabilities and versioned caching

Monitoring & Response

✓Automated health checks and real-time alerting
✓Performance monitoring and connection pool tracking
✓Formal incident response plan with defined severity levels
✓Customer notification SLA for security incidents

Data Continuity

✓Daily automated database backups encrypted at rest
✓Recovery procedures tested quarterly
✓Soft deletion for all user data (FDA compliance & recovery)
✓6-year FDA audit log retention immutable, tamper-evident

Compliance & Certifications

Mapped, documented, and verifiable controls across FDA, SOC 2, ISO 27001, and data privacy frameworks.

FDA 21 CFR Part 11

Electronic records, e-signatures, audit trails, and RBAC all 11 Subpart B controls mapped.

View Mapping

SOC 2 Readiness

30+ controls aligned with AICPA Trust Services Criteria across all 5 categories.

Download Matrix

ISO 27001 Readiness

Controls implemented against ISO/IEC 27001:2022 across all 4 Annex A themes.

View Controls

GDPR / CCPA Aligned

Data handling aligned with GDPR and CCPA principles. DPA available for Enterprise.

Automated Security Verification

Every security property is guarded by automated tests that run continuously. These tests prevent regressions and ensure the security posture is maintained.

148

Security Regression Tests

CSRF protection, owner-scoping, credential logging, exception specificity, e-signature integrity, API key hashing, atomic e-signatures, webhook auditing, idempotency, rate limiter safety, and COA audit package export integrity.

13

XSS Hardening Tests

Chat widget sanitization, template interpolation guards, payload neutralization, null/empty handling, and safe link generation.

13

Runtime Integration Tests

Live API authentication flows, hash-only key validation, enterprise tier gating, rate limiter enforcement, and Trust Center PDF generation.

24

Behavioral Security Tests

End-to-end access control flows, privilege escalation guards, tenant isolation verification, and multi-role permission boundary enforcement.

Security Overview