Security

Enterprise-grade security

Your business data deserves serious protection. Belvak is built with security at every layer, from authentication and access control to backups and infrastructure.

Built-in security at every layer

Security is not an add-on. It is built into the architecture from authentication to backups.

Role-Based Access Control

Granular permissions matrix with custom roles. Control exactly who can view, create, edit, or delete each entity in the system. No all-or-nothing access.

  • Custom roles with fine-grained permissions
  • Per-entity read, create, edit, delete controls
  • Role assignment per user account

Encrypted Sessions

Sessions are secured with cookies that carry the HttpOnly, SameSite, and Secure attributes. Sessions are regenerated automatically every 30 minutes to prevent session fixation attacks.

  • HttpOnly, SameSite, Secure cookie flags
  • 30-minute automatic session regeneration
  • Server-side session validation on every request

Complete Audit Trail

Every action in the system is logged with the user, timestamp, and a full JSON data snapshot. Know exactly who changed what and when, with complete before-and-after records.

  • Full data snapshot on every change
  • User attribution with timestamps
  • Searchable activity log in Settings

Rate Limiting

Nginx-level rate limiting protects against brute force attacks, API abuse, and denial-of-service attempts before requests even reach the application layer.

  • Nginx-level request throttling
  • Protection against brute force login attempts
  • API abuse prevention at the edge

Daily Backups

Automated daily backups are written to geographically separate cloud storage and retained for 60 days. Your data is recoverable even in worst-case scenarios.

  • Automated daily backup schedule
  • 60-day retention policy
  • Geographically separate cloud storage

Self-Hosted Option

Deploy Belvak on your own infrastructure for full data sovereignty. Your data never leaves your servers, and you control every aspect of the environment.

  • Docker-based deployment on any infrastructure
  • Full control over data residency
  • No vendor lock-in on your business data

Security practices we follow

Industry-standard security practices baked into every line of code and every deployment.

OWASP Top 10 Protection

The platform is built with protections against the OWASP Top 10 vulnerabilities, including injection attacks, broken authentication, and security misconfiguration.

Input Validation & Sanitization

All user inputs are validated and sanitized on both the client and server side. Parameterized queries prevent SQL injection across every database interaction.

CORS Headers

Strict Cross-Origin Resource Sharing headers are configured on all 28 API endpoints, so browsers refuse cross-origin access to the backend from unauthorized domains.

SQL Injection Prevention

Every database query uses parameterized statements. No raw user input ever reaches the database engine, eliminating the most common attack vector.

XSS Prevention

Content Security Policy headers, output encoding, and React's built-in XSS protection work together to prevent cross-site scripting attacks.

Security Headers

Centralized security header configuration including X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Strict-Transport-Security on every response.
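
The cookie attributes and response headers named on this page can be checked from outside a deployment, for example after a self-hosted install. The Python check below is an added example, not Belvak's own code: the function name and both sample responses are constructed for illustration, and it tests only that the headers and attributes are present, not how strict their values are.

```python
from email import message_from_string

# Response headers named on this page (CSP under XSS Prevention,
# the other four under Security Headers).
REQUIRED_HEADERS = (
    "X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy",
    "Strict-Transport-Security", "Content-Security-Policy",
)
# Cookie attributes listed under Encrypted Sessions.
REQUIRED_COOKIE_ATTRS = ("httponly", "secure", "samesite")


def audit_response(raw: str) -> list[str]:
    """Return findings for one raw HTTP response head; an empty list is a pass."""
    lines = raw.strip().splitlines()
    if lines and lines[0].startswith("HTTP/"):
        lines = lines[1:]  # drop the status line, keep the header fields
    headers = message_from_string("\n".join(lines) + "\n\n")
    # Header lookups on the parsed message are case-insensitive.
    findings = [f"missing header: {h}" for h in REQUIRED_HEADERS
                if headers.get(h) is None]
    nosniff = headers.get("X-Content-Type-Options")
    if nosniff is not None and nosniff.strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    for cookie in headers.get_all("Set-Cookie", []):
        parts = cookie.split(";")
        name = parts[0].split("=", 1)[0].strip()
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        findings += [f"cookie {name}: missing {a}"
                     for a in REQUIRED_COOKIE_ATTRS if a not in attrs]
    return findings


# Constructed sample responses, not captured from any real deployment.
HARDENED = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: sid=constructed123; Path=/; HttpOnly; Secure; SameSite=Lax
"""
WEAK = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Set-Cookie: sid=constructed456; Path=/; HttpOnly
"""
```

Run it against the login response and at least one API response, since the page states the headers are sent on every response.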

Data handling practices

We treat your business data with the care it deserves. All data is stored on infrastructure you control or on our secured servers with strict access policies.

  • Data encrypted at rest and in transit
  • Strict internal access controls
  • Regular security reviews and updates
  • Transparent data processing practices

GDPR awareness

We are committed to respecting user privacy and data protection rights. Our platform is designed with privacy-by-design principles that align with GDPR requirements.

  • Right to access and export your data
  • Right to deletion upon request
  • Minimal data collection practices
  • Clear privacy policy and terms of service

Have security questions?

We take security seriously and are happy to answer any questions about how we protect your data. Reach out to our team for details.


Secure your business operations

Enterprise-grade security from day one. Book a demo to see how we protect your data.
