Skip to content

Security

Overview

The Loften portal is built security-first. This page summarises the key controls in place.

  • Invitation-only access — there is no public sign-up.
  • Strict data isolation between clients, enforced in the database with Row Level Security.
  • Private file storage with short-lived, authorised download links only.
  • An immutable audit log of security-relevant actions.
  • Encrypted connections (HSTS), strict security headers and a Content Security Policy.
  • Server-side authorisation on every sensitive operation.

To report a security concern, email security@loften.co.uk.

Back to sign in

Security·Privacy·Terms