Security
Overview
The Loften portal is built security-first. This page summarises the key controls in place.
- Invitation-only access — there is no public sign-up.
- Strict data isolation between clients, enforced in the database with Row Level Security.
- Private file storage with short-lived, authorised download links only.
- An immutable audit log of security-relevant actions.
- Encrypted connections (HSTS), strict security headers and a Content Security Policy.
- Server-side authorisation on every sensitive operation.
To report a security concern, email security@loften.co.uk.