Security isn't a feature. It's the foundation.
Multi-tenant by design. Encrypted by default. Audited continuously. The same controls Fortune 500 IT teams expect — applied to every guest WiFi session.
Every layer hardened.
Tenant isolation
Every record carries a tenant ID. Every API endpoint validates that ID against the requester's JWT scope. Row-level policies in PostgreSQL enforce isolation at the database layer — verified by independent pentest.
Role-based access control
Four roles (Super, MSP, Reseller, Venue) with scoped permissions. Sub-roles supported per MSP. Every dashboard view, API call, and audit log respects role scope.
Encrypted credentials
Provider credentials (SMS gateways, email senders, payment keys, RADIUS shared secrets) are encrypted at rest with AES-256-GCM. Encryption keys are managed via cloud KMS.
Comprehensive audit logs
Every login, configuration change, admin action, and critical event is logged with actor, target, and timestamp. Logs retained for compliance, exported via API or SIEM webhook.
RADIUS AAA
Authentication, authorisation, and accounting on every WiFi session. CoA-Disconnect enforced at the NAS. Audit trails for every guest authentication.
Data privacy + GDPR
GDPR Articles 15-22 fully supported. Per-guest data export, deletion, and consent management. Tenant-configurable data retention with automatic purge.
Backup-ready architecture
Daily encrypted database snapshots with PITR. Multi-zone hot replicas. Tested recovery runbooks. Cross-region backups available on Enterprise.
Continuous monitoring
Health checks every 60 seconds across every layer. SOC-style alerting on anomalous auth patterns, quota breaches, and infrastructure events.
Secure development lifecycle
Code review on every change. Dependency scanning. Container image scanning. Penetration testing on major releases. Bug bounty for security researchers.
Guest data is yours. We just process it.
Under GDPR, the venue is the data controller and TheWiFy is the data processor. We process strictly on documented instructions, with sub-processors disclosed and DPA-bound.
We never sell guest data
Guest data is processed strictly for the venue/MSP that captured it.
Tenant-controlled retention
Each tenant configures how long their data is kept, with automatic purge.
Right to erasure
Any guest can request deletion. Cascade-purge across analytics, CRM, and logs.
Sub-processors disclosed
GCP, SendGrid, Twilio, Stripe — listed publicly and DPA-bound.
Compliance, demonstrably.
Frameworks we align to, certifications in flight, and partners that handle the rest.
Articles 15-22 fully supported, DPA available on request.
Infrastructure and policies aligned to ISO 27001 controls.
Type 2 audit scheduled. Status updates available under NDA.
PCI compliance handled by Stripe — we never see card data.