Security & Trust
Adasima is built for regulated environments. Security, auditability, and data protection are embedded in the platform architecture — not added as afterthoughts.
Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256). Database-level encryption with managed key rotation.
Authentication
Secure authentication via Supabase Auth with passwordless magic link. SSO-ready architecture for enterprise deployments.
Audit Trails
Complete audit logging of all user actions, document access, and system events. Tamper-evident records for regulatory compliance.
Access Control
Role-based access control with least-privilege principles. Client data isolation enforced at the database level via Row Level Security.
Infrastructure
Hosted on Vercel and Supabase with enterprise-grade infrastructure. Automatic failover, backups, and disaster recovery.
Data Protection
UK GDPR-compliant data handling. FYM Compliance Limited acts as data controller. Data processing agreements available on request.
Principles
Security Principles
Tenant Isolation
Every institution operates within a fully isolated tenant boundary. Row Level Security policies enforce data separation at the database level — no cross-tenant data access is structurally possible.
Persona-Based RRBAC
Role and Responsibility Based Access Control with persona-level granularity. Every governance action is authority-routed through the correct approval chain before execution.
Tamper-Evident Records
Hash-chained event ledger with SHA-256 cryptographic integrity. Every governance state transition produces a decision receipt that is independently verifiable.
Immutable Receipts
Decision receipts, attestation records, and gate transition history are immutable once created. The evidence chain cannot be retroactively modified.
Evidence Integrity
Governance evidence is structurally linked to the actions that produced it. Integrity verification is built into the evidence architecture, not applied as an afterthought.
Operations
Operational Trust Controls
Comprehensive Logging
All platform access, governance actions, and administrative operations are logged with full context — user, timestamp, IP, and action metadata.
Incident Response
Documented incident response procedures with defined severity levels, escalation paths, and post-incident review processes.
Access Reviews
Periodic access reviews for administrative privileges, API keys, and service accounts. Principle of least privilege enforced across all system layers.
Secure SDLC
Security integrated into the software development lifecycle — code review, dependency scanning, and pre-deployment security checks.
Compliance
Compliance Alignment
SOC 2 Type II
Designed to support alignment
Platform architecture and operational controls designed to support SOC 2 Type II compliance requirements.
ISO 27001
Designed to support alignment
Information security management practices aligned with ISO 27001 framework requirements.
UK GDPR
Compliant
Full UK GDPR compliance. FYM Compliance Limited acts as data controller. Data processing agreements available on request.
Security Enquiries
For security-related enquiries, vulnerability reports, or to request our security documentation, contact our team.