Security baseline overview
This page summarizes the current Phase 1 security baseline in plain language for teams evaluating NewAxiom. Controls focus on tenant isolation, authorization, and data-handling safeguards.
Phase 1 controls in place
Workspace authorization
Protected API routes and resource lookups enforce workspace-scoped authorization server-side to reduce cross-workspace access risk.
Role-based access
Workspace roles (owner, admin, manager, analyst, viewer) are used to scope operational access by responsibility.
Authentication and MFA
Customer sign-in uses secure-link email authentication. TOTP MFA support is implemented, and enforcement for owner/admin roles can be enabled where deployment settings and plan capability allow.
Connector secret protection
Connector credentials use encrypted-at-rest storage and are masked from API responses and application surfaces.
Upload and export hardening
Upload, import, export, and internal/debug paths use stricter access checks and authorization enforcement.
Security audit logging
High-risk operations and failed authorization checks are recorded for traceability and incident review.
Sanitized production errors
API and UI production errors are normalized to avoid exposing sensitive internal implementation details.
Scope note
This is a baseline summary of implemented controls. It does not claim certifications or full security completeness. Additional follow-up hardening work is tracked and applied iteratively.