Risk registers, loss runs, and captive financials are some of the most sensitive data an organization holds. Here is exactly how FractionalRisk.ai protects yours — in plain language, not marketing language.
Most multi-tenant SaaS keeps every customer's rows in shared tables and hopes the filters hold. We made a different architectural choice.
Isolated Database per Organization
Your data never shares a database with another customer. Each tenant runs in its own MongoDB database — not a shared table with a tenant column. Cross-tenant queries are architecturally impossible.
Context-Bound Data Routing
Every authenticated request is cryptographically bound to your organization via its JWT. The data layer resolves your isolated database per request — application code cannot accidentally reach another tenant's data.
Per-Tenant Backup & Restore
Because each organization has its own database, backups, restores, and data exports are scoped to you alone — no commingled snapshots.
Authentication hardening that's actually implemented and continuously tested — not a roadmap slide.
Brute-Force Lockout
5 failed attempts trigger a 15-minute lock, keyed per IP + account, with full audit trail.
Immediate Session Revocation
Logout, password changes, role changes, and deactivation invalidate every active session instantly — not at token expiry.
Stolen-Token Defense
Tokens are bound to the device context they were issued on. A token replayed from a different environment is rejected.
Short-Lived Credentials
30-minute access tokens with secure refresh rotation. Single-use, hashed password-reset tokens that expire in 60 minutes.
Role-Based Access Control
Five permission tiers from viewer to admin, enforced server-side on every endpoint — plus platform/tenant role separation.
Complete Audit Logging
Logins, failures, resets, role changes, impersonation, and data-rights events are written to an immutable audit log.
SAML 2.0 single sign-on connects FractionalRisk to Okta, Microsoft Entra ID (Azure AD), or any SAML-compliant identity provider — so your existing MFA, password policies, and offboarding workflows govern access to your risk data.
Onboarding takes one exchange
We send our SP metadata
A single URL your IdP admin imports — entity ID, callback endpoint, and certificate requirements, pre-filled.
You send your IdP details
Your identity provider's SSO URL, entity ID, and signing certificate — straight from the Okta or Entra admin console.
Your team signs in
The SSO button on our login page recognizes your email domain and routes everyone through your identity provider.
GDPR-style data rights are built into the product, not handled by a support ticket queue.
Right to Data Portability
Tenant administrators can export their organization's complete dataset on demand — a portable copy of every collection in their isolated database.
Right to be Forgotten
A one-action, organization-scoped purge permanently deletes a tenant's database. Strictly limited to authorized administrators of that tenant.
Honest Answers to Security Questionnaires
"Where is my data?" has a one-line answer: in a dedicated database provisioned for your organization, accessible only through your organization's authenticated sessions.
Where does our data live?
In a dedicated MongoDB database provisioned exclusively for your organization.
Can another customer ever see our data?
No. Isolation is enforced at the database layer and verified by an automated cross-tenant test suite on every release.
What happens when an employee leaves?
Deactivating their account revokes every active session immediately, across all devices.
Can we get our data out?
Yes — full tenant export on demand, plus board reports in Word and PDF formats you already use.
Can you delete everything?
Yes — a tenant-scoped purge permanently removes your organization's database on request.
Is traffic encrypted?
All traffic is encrypted in transit over TLS (HTTPS), with HSTS and hardened security headers.
Can our team use our existing identity provider?
Yes — SAML 2.0 SSO with Okta, Microsoft Entra ID (Azure AD), or any SAML-compliant IdP, including just-in-time provisioning.
Framework-aligned with ISO 31000 and COSO ERM. SAML 2.0 single sign-on is included on enterprise plans; OIDC available on request.