Security

Last updated: 24 February 2026

Your financial records, employee data, and customer information are the lifeblood of your business. We treat their protection as a core product requirement, not an afterthought. This page describes the measures we take to keep your data safe.

1. Infrastructure

Kujalia ERP runs on Amazon Web Services in the af-south-1 (Cape Town) region. Your data stays in South Africa.

  • Compute — auto-scaling EC2 instances behind an Application Load Balancer, deployed across availability zones for redundancy.
  • Database — Amazon RDS for MariaDB with automated daily backups, point-in-time recovery, and encryption at rest.
  • Caching — Amazon ElastiCache (Redis) for session storage and performance caching, deployed in a private subnet with no public access.
  • Networking — VPC with public and private subnets. Application servers and databases reside in private subnets behind NAT gateways. Security groups enforce least-privilege network access.
  • Secrets — all credentials, API keys, and signing secrets stored in AWS Secrets Manager, never in source code or environment files.

2. Encryption

Layer                 Method
In transit            TLS 1.2+ enforced on all connections. HTTPS only — HTTP requests are redirected.
At rest (database)    AES-256 via Amazon RDS storage encryption.
At rest (backups)     AES-256 encrypted automated snapshots.
Passwords             Hashed with bcrypt (cost factor 10+). Never stored or logged in plain text.

3. Authentication

  • Auth.js (v1.x) — industry-standard authentication framework with secure session management.
  • Two-factor authentication — optional TOTP-based 2FA available for all accounts. We recommend enabling it for admin and accountant roles.
  • SSO — SAML and OAuth single sign-on support for Professional and Enterprise plans.
  • Session management — users can view all active sessions and terminate any session remotely from their security settings.
  • CSRF protection — all state-changing requests are protected against cross-site request forgery with signed tokens.
  • Rate limiting — all API endpoints are rate-limited to prevent brute-force attacks. Authentication endpoints have stricter limits.

4. Authorisation and Access Control

Every API request passes through our createApiHandler middleware, which enforces authentication, role-based access, and tenant isolation in a single place.

Role          Permissions
Viewer        Read-only access to reports and dashboards.
Member        Read and write access to day-to-day operations (invoices, contacts, inventory).
Accountant    Member permissions plus journal entries, bank reconciliation, and financial reports.
Manager       Accountant permissions plus approvals, HR management, and compliance features.
Admin         Full access including user management, settings, integrations, and audit logs.

Tenant isolation — every database query is scoped to the authenticated tenant. There is no mechanism for one tenant to access another tenant's data.
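
The following is an added illustration of the pattern described in this section, written for this page and not Kujalia's own createApiHandler: a single wrapper that rejects unauthenticated requests, enforces a minimum role using the hierarchy in the table above, and hands the route a database facade that is already bound to the caller's tenant. The session shape, the in-memory invoices table, and the two sample routes are constructed assumptions.

```typescript
// Added example, not Kujalia's own createApiHandler: one wrapper that checks
// authentication, a minimum role, and binds every query to the caller's tenant.
// Role names follow the role table on this page; everything else is constructed.

type Role = "viewer" | "member" | "accountant" | "manager" | "admin";

// Higher rank inherits the permissions of lower ranks, as the role table describes.
const RANK: Record<Role, number> = { viewer: 0, member: 1, accountant: 2, manager: 3, admin: 4 };

interface Session { userId: string; tenantId: string; role: Role; }
interface ApiRequest { session: Session | null; query?: Record<string, unknown>; }
interface ApiResponse { status: number; body: unknown; }

interface Invoice { id: string; tenantId: string; total: number; }

// Constructed sample rows for two tenants (stands in for the invoices table).
const INVOICES: Invoice[] = [
  { id: "inv-1", tenantId: "tenant-a", total: 1200 },
  { id: "inv-2", tenantId: "tenant-a", total: 80 },
  { id: "inv-3", tenantId: "tenant-b", total: 9999 },
];

interface TenantDb {
  invoices: { findMany(where?: Record<string, unknown>): Invoice[] };
}

// Returns a database facade whose every query carries the tenant predicate.
// A caller-supplied `where` is ANDed with it, so it can narrow but never widen.
function tenantDb(tenantId: string): TenantDb {
  return {
    invoices: {
      findMany(where: Record<string, unknown> = {}): Invoice[] {
        return INVOICES.filter((row) =>
          row.tenantId === tenantId &&
          Object.entries(where).every(
            ([k, v]) => (row as unknown as Record<string, unknown>)[k] === v));
      },
    },
  };
}

type Handler = (ctx: { db: TenantDb; session: Session }, req: ApiRequest) => unknown;

// The single choke point: a route cannot be registered without passing through it,
// so authentication, role floor and tenant scoping cannot be forgotten per route.
function createApiHandler(minRole: Role, handler: Handler): (req: ApiRequest) => ApiResponse {
  return (req) => {
    if (!req.session) return { status: 401, body: { error: "unauthenticated" } };
    if (RANK[req.session.role] < RANK[minRole]) return { status: 403, body: { error: "forbidden" } };
    const db = tenantDb(req.session.tenantId);
    return { status: 200, body: handler({ db, session: req.session }, req) };
  };
}

// Two constructed routes: any role may list invoices; only accountant and above may
// post journal entries.
const listInvoices = createApiHandler("viewer", ({ db }, req) => db.invoices.findMany(req.query));
const postJournal = createApiHandler("accountant", ({ session }) => ({ postedBy: session.userId }));
```

The property worth checking is that a request carrying `query: { tenantId: "tenant-b" }` from a tenant-a session returns nothing rather than another tenant's rows, because the tenant predicate is applied inside the facade and the caller's filter can only intersect with it. With a real ORM the same effect is obtained by injecting the tenant filter at the client layer (for example through a query-level extension) rather than trusting each route to add it.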

5. Audit Logging

All significant actions are recorded in an immutable audit log, including who performed the action, what changed, when it happened, and from which IP address. Audit logs are retained for 2 years and are accessible to admin users from the platform. Sensitive fields (passwords, tokens, bank account numbers) are automatically masked in log output.

6. Application Security

We build with security as a default, not a bolt-on:

  • Input validation — all user input is validated with Zod schemas before processing. No raw user data reaches the database.
  • SQL injection — Prisma ORM with parameterised queries. No raw SQL.
  • XSS prevention — SvelteKit auto-escapes all rendered content. Rich text content is sanitised with DOMPurify.
  • SSRF protection — outbound requests are checked against private IP ranges to prevent server-side request forgery.
  • Dependency scanning — automated vulnerability scanning of all npm dependencies.
  • Prototype pollution — prevented by strict Zod schema validation on all API inputs.
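
As an added example of the SSRF control listed above (written for this page, not Kujalia's own implementation), the block below classifies the address an outbound request would connect to and refuses private, loopback, link-local and shared-address ranges, including the link-local range that hosts cloud instance metadata. The range list, function names and the fail-closed behaviour for non-IP input are assumptions made for the example.

```typescript
// Added example, not Kujalia's own SSRF check: decide whether an outbound
// connection to `addr` must be refused. It is meant to run on the address
// returned by DNS resolution, never only on the hostname the user typed.

// Constructed deny list of IPv4 ranges that should never be an integration target.
const BLOCKED_IPV4: Array<[string, number]> = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // RFC 1918 private
  ["100.64.0.0", 10],   // shared address space (carrier-grade NAT)
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, includes cloud instance metadata endpoints
  ["172.16.0.0", 12],   // RFC 1918 private
  ["192.168.0.0", 16],  // RFC 1918 private
];

// Parse a dotted quad into an unsigned 32-bit integer; null if malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const v = Number(p);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

// True when `ip` (as integer) falls inside base/bits.
function inCidr(ip: number, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === (((ipv4ToInt(base) as number) & mask) >>> 0);
}

// null means "not an IPv4 literal"; otherwise the verdict.
function isBlockedIpv4(ip: string): boolean | null {
  const n = ipv4ToInt(ip);
  if (n === null) return null;
  return BLOCKED_IPV4.some(([base, bits]) => inCidr(n, base, bits));
}

// Minimal IPv6 handling: IPv4-mapped, loopback/unspecified, unique-local
// fc00::/7 and link-local fe80::/10. A production check should use a full parser.
function isBlockedIpv6(ip: string): boolean | null {
  const s = ip.toLowerCase().replace(/^\[|\]$/g, "");
  const mapped = s.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (mapped) return isBlockedIpv4(mapped[1]);
  if (!/^[0-9a-f:]+$/.test(s) || !s.includes(":")) return null;
  if (s === "::" || s === "::1" || s === "0:0:0:0:0:0:0:1") return true;
  const first = s.split(":")[0];
  if (first === "") return false; // leading "::" with a zero first hextet: not a blocked prefix
  const h = parseInt(first, 16);
  if ((h & 0xfe00) === 0xfc00) return true; // fc00::/7 unique local
  if ((h & 0xffc0) === 0xfe80) return true; // fe80::/10 link-local
  return false;
}

// Fail closed: anything that is not a well-formed IP literal is treated as blocked,
// because the caller should only reach this point with a resolved address.
function isBlockedAddress(addr: string): boolean {
  const v4 = isBlockedIpv4(addr);
  if (v4 !== null) return v4;
  const v6 = isBlockedIpv6(addr);
  if (v6 !== null) return v6;
  return true;
}
```

To use it safely, resolve the hostname first, run every returned address through isBlockedAddress, and then connect to the address that was checked (sending the original hostname in the Host header) rather than resolving again at connect time; re-run the check on each redirect target as well. Checking only the user-supplied hostname leaves a gap between the check and the connection.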

7. Reliability and Availability

  • Auto-scaling — compute capacity scales automatically based on demand.
  • Health checks — liveness, readiness, and deep health probes monitor application, database, and cache status continuously.
  • Circuit breakers — external service calls use circuit breaker patterns with exponential backoff to prevent cascading failures.
  • Retryable transactions — database operations that involve multiple writes use atomic transactions with deadlock retry logic.
  • Graceful shutdown — in-flight requests complete before instances are terminated during deployments.
  • Monitoring — CloudWatch metrics and alerting for CPU, memory, database connections, error rates, and slow queries (>100ms).
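
The circuit breaker with exponential backoff mentioned above, as an added example written for this page rather than Kujalia's own code: the breaker opens after a run of failures, lets a single trial call through once its cooldown has elapsed, and doubles the cooldown each time that trial fails. The clock is injected so the state machine can be exercised without real sleeps; the thresholds and delays are constructed defaults.

```typescript
// Added example, not Kujalia's code: a circuit breaker whose open period grows
// exponentially with each consecutive trip. In production pass Date.now as the
// clock; the injected clock here only makes the transitions testable.

type BreakerState = "closed" | "open" | "half-open";

class CircuitBreaker {
  private state: BreakerState = "closed";
  private failures = 0;   // consecutive failures while closed
  private trips = 0;      // consecutive trips; drives the backoff exponent
  private openedAt = 0;   // clock reading when the breaker last opened

  constructor(
    private readonly now: () => number,
    private readonly threshold = 3,      // failures before opening
    private readonly baseDelayMs = 1000,
    private readonly maxDelayMs = 60000,
  ) {}

  // Cooldown for the current trip: base * 2^(trips-1), capped. Add jitter in
  // production so many instances do not retry the dependency in lockstep.
  cooldownMs(): number {
    return Math.min(this.maxDelayMs, this.baseDelayMs * 2 ** Math.max(0, this.trips - 1));
  }

  // Time-based transition: once the cooldown has elapsed, allow one trial call.
  getState(): BreakerState {
    if (this.state === "open" && this.now() - this.openedAt >= this.cooldownMs()) {
      this.state = "half-open";
    }
    return this.state;
  }

  // Run the dependency call through the breaker. While open, the call is not
  // attempted at all, which is what stops a failing dependency from cascading.
  execute<T>(call: () => T): T {
    if (this.getState() === "open") {
      throw new Error("circuit open: skipping call to dependency");
    }
    try {
      const result = call();
      this.onSuccess();
      return result;
    } catch (err) {
      this.onFailure();
      throw err;
    }
  }

  private onSuccess(): void {
    this.failures = 0;
    this.trips = 0;
    this.state = "closed";
  }

  private onFailure(): void {
    this.failures += 1;
    // A failed trial call re-opens immediately, with a longer cooldown.
    if (this.state === "half-open" || this.failures >= this.threshold) {
      this.state = "open";
      this.openedAt = this.now();
      this.trips += 1;
      this.failures = 0;
    }
  }
}
```

The same open-or-not decision is where a health check should read from: reporting a dependency as degraded while its breaker is open gives the readiness probe an honest answer without issuing yet another call to the struggling service.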

8. Backups and Disaster Recovery

  • Automated daily database snapshots retained for 7 days.
  • Point-in-time recovery available to any second within the retention window.
  • Backups are encrypted (AES-256) and stored in the same AWS region.
  • Recovery procedures are documented and periodically tested.

We recommend that you also maintain your own exports of critical data using the platform's built-in CSV and PDF export features.

9. Incident Response

In the event of a security incident, we follow a structured response process:

  1. Detect — automated monitoring and alerting identifies anomalous activity.
  2. Contain — isolate affected systems to prevent further exposure.
  3. Investigate — determine scope, root cause, and affected data.
  4. Notify — inform the Information Regulator and affected data subjects as required by POPIA Section 22.
  5. Remediate — fix the vulnerability, restore services, and implement preventive measures.
  6. Report — document the incident and lessons learned.

10. Responsible Disclosure

If you discover a security vulnerability in Kujalia ERP, we ask that you report it responsibly. Please email security@kujalia.co.za with a description of the issue, steps to reproduce, and any supporting evidence. We commit to acknowledging your report within 48 hours and will work to resolve verified vulnerabilities promptly. We will not take legal action against researchers who act in good faith and follow responsible disclosure practices.

11. Your Role in Security

Security is a shared responsibility. We recommend that all users:

  • Use a strong, unique password for your Kujalia account.
  • Enable two-factor authentication, especially for admin and accountant roles.
  • Review active sessions periodically and terminate any you do not recognise.
  • Assign the least-privileged role that each team member needs.
  • Keep your browser and operating system up to date.
  • Report suspicious activity to your organisation's admin and to us at security@kujalia.co.za.

12. Contact

For security questions, vulnerability reports, or to request further detail about our security practices:

  • Security team: security@kujalia.co.za
  • Privacy enquiries: privacy@kujalia.co.za
  • Website: erp.kujalia.com