BMS SuiteBMS SUITE← Back to home
🔒

Security at BMS Suite

We treat security as a first-class feature — not an afterthought. Here is how we protect your business data.

🔐

Data encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. API communication between your browser and our servers is always over HTTPS.

🛡️

Authentication & access control

JWT-based authentication with short-lived tokens and secure httpOnly cookies. Role-based access control (RBAC) with three levels — Superadmin, Org Admin, and Member — limits what each user can see and do.

🏢

Tenant isolation

Every organisation's data is logically isolated at the database level. No cross-tenant data leakage is possible by design — all queries are scoped to the authenticated organisation.

📋

Audit trails

Critical financial and inventory actions are logged with timestamps, user identity, and before/after values. Audit logs are immutable and cannot be deleted by organisation users.

Rate limiting & abuse prevention

All API endpoints are rate-limited to prevent brute-force and denial-of-service attacks. Authentication endpoints use stricter limits with automatic lockout.

🔄

Regular backups

Production databases are backed up daily with point-in-time recovery. Backups are stored in a separate region and retained for 30 days.

🧪

Penetration testing

We conduct periodic security reviews and penetration tests. Critical vulnerabilities are patched within 24 hours; moderate within 7 days.

📬

Responsible disclosure

Found a vulnerability? We welcome responsible disclosure. Email security@bmssuite.online with details and we will respond within 48 hours. Please do not disclose publicly until we have had a chance to address the issue.

📬

Report a vulnerability

If you discover a security issue, please contact us privately before any public disclosure.

security@bmssuite.online
© 2026 BMS SUITE · Privacy · Terms