Security built into the architecture
Travix treats security as a foundational design constraint — not a feature gated behind an enterprise tier. Multi-tenant isolation, encryption, immutable audit logs, and verified backups are enforced at every layer of the stack.
Multi-tenant isolation
Every customer operates in a fully isolated tenant. Data leakage between tenants is architecturally impossible — enforced at middleware, repository, and authorization layers on every request.
- Every database table includes a tenantId column scoped on every query
- TenantContextMiddleware extracts tenant from JWT and injects it into every request
- Repository layer enforces tenantId filters — services cannot bypass scoping
- AccessGuard and TenantIsolationGuard reject cross-tenant access before data is returned
- WebSocket rooms are scoped by tenantId for real-time notification isolation
- API keys authenticate with the same tenant isolation as JWT sessions
Access management & authorization
Enterprise IAM governs every authorization decision through a unified pipeline — plan, feature flag, RBAC permission, ABAC policy, data scope, and resource ownership.
- 13 system role templates with hierarchical permission catalog
- ABAC policy engine with DENY-overrides-ALLOW financial guardrails
- Data scopes (ALL, OWN_BRANCH, OWN_RECORDS, and more) enforced in queries
- Session registry with IP, browser, OS, and device metadata — admin revoke
- Optional TOTP two-factor authentication; admins can require 2FA per user
- Auditable access decisions with machine-readable reason codes
Encryption
Data is protected in transit and at rest using industry-standard encryption. Secrets and API keys are hashed — never stored in plaintext.
- TLS 1.2+ for all HTTP and WebSocket connections
- AES-256 encryption for data at rest in PostgreSQL and object storage
- Document storage uses signed download URLs with S3-backed encryption
- API keys and secrets stored hashed — never in plaintext
- JWT tokens signed with rotating secrets; refresh tokens stored in Redis
- Optional TOTP two-factor authentication for all user accounts
Audit & activity logs
Every mutation across the platform is recorded in an immutable audit log. Export activity is tracked separately. Activity logs capture user navigation and session events.
- AuditLog captures actor, action, entity, timestamp, IP address, and user agent
- Before/after values recorded for critical field changes
- ExportAuditLog tracks every report download and data export event
- ActivityLog supplements audit with user activity and session events
- Queryable by user, entity type, action, and date range from the dashboard
- Access Management security events visible in the audit log UI
Backups & recovery
Database backup lifecycle with integrity verification and test restores. Your financial data survives infrastructure failures — not just promised, but procedurally tested.
- Create backups with type and status tracking per tenant
- Verify backup integrity before relying on a restore point
- Test-recovery procedures validate restore paths without production impact
- Customer-initiated full data export available on all plans at any time
- Encrypted backups stored separately from primary database
- Disaster recovery RTO target: 4 hours; RPO target: 1 hour
Infrastructure
Production infrastructure runs on hardened cloud services with monitoring, alerting, and health probes. No single point of failure in the critical path.
- Containerized deployment with liveness, readiness, and startup probes
- PostgreSQL with read replicas for reporting workloads
- Redis for session management, caching, and background job queues
- Prometheus metrics endpoint for observability and alerting
- Automated alerting on error rate spikes and latency anomalies
- 99.9% uptime SLA for production environments
Compliance roadmap
We are actively pursuing formal compliance certifications while maintaining security controls that meet or exceed current requirements.
- SOC 2 Type II audit planned for Q3 2026
- ISO 27001 certification planned for Q4 2026
- GDPR-compliant data handling with right-to-erasure support
- Regular third-party penetration testing (quarterly)
- Dependency vulnerability scanning in CI/CD pipeline
- Security disclosure program with responsible disclosure policy
Security questions?
For security inquiries, vulnerability reports, or compliance documentation requests, contact our security team.
Report a vulnerabilityReady to run your agency on one ledger?
Join travel businesses that replaced spreadsheets and legacy ERP with a platform built for how agencies actually work.