Travix

Security built into the architecture

Travix treats security as a foundational design constraint — not a feature gated behind an enterprise tier. Multi-tenant isolation, encryption, immutable audit logs, and verified backups are enforced at every layer of the stack.

Multi-tenant isolation

Every customer operates in a fully isolated tenant. Data leakage between tenants is architecturally impossible — enforced at middleware, repository, and authorization layers on every request.

  • Every database table includes a tenantId column scoped on every query
  • TenantContextMiddleware extracts tenant from JWT and injects it into every request
  • Repository layer enforces tenantId filters — services cannot bypass scoping
  • AccessGuard and TenantIsolationGuard reject cross-tenant access before data is returned
  • WebSocket rooms are scoped by tenantId for real-time notification isolation
  • API keys authenticate with the same tenant isolation as JWT sessions

Access management & authorization

Enterprise IAM governs every authorization decision through a unified pipeline — plan, feature flag, RBAC permission, ABAC policy, data scope, and resource ownership.

  • 13 system role templates with hierarchical permission catalog
  • ABAC policy engine with DENY-overrides-ALLOW financial guardrails
  • Data scopes (ALL, OWN_BRANCH, OWN_RECORDS, and more) enforced in queries
  • Session registry with IP, browser, OS, and device metadata — admin revoke
  • Optional TOTP two-factor authentication; admins can require 2FA per user
  • Auditable access decisions with machine-readable reason codes

Encryption

Data is protected in transit and at rest using industry-standard encryption. Secrets and API keys are hashed — never stored in plaintext.

  • TLS 1.2+ for all HTTP and WebSocket connections
  • AES-256 encryption for data at rest in PostgreSQL and object storage
  • Document storage uses signed download URLs with S3-backed encryption
  • API keys and secrets stored hashed — never in plaintext
  • JWT tokens signed with rotating secrets; refresh tokens stored in Redis
  • Optional TOTP two-factor authentication for all user accounts

Audit & activity logs

Every mutation across the platform is recorded in an immutable audit log. Export activity is tracked separately. Activity logs capture user navigation and session events.

  • AuditLog captures actor, action, entity, timestamp, IP address, and user agent
  • Before/after values recorded for critical field changes
  • ExportAuditLog tracks every report download and data export event
  • ActivityLog supplements audit with user activity and session events
  • Queryable by user, entity type, action, and date range from the dashboard
  • Access Management security events visible in the audit log UI

Backups & recovery

Database backup lifecycle with integrity verification and test restores. Your financial data survives infrastructure failures — not just promised, but procedurally tested.

  • Create backups with type and status tracking per tenant
  • Verify backup integrity before relying on a restore point
  • Test-recovery procedures validate restore paths without production impact
  • Customer-initiated full data export available on all plans at any time
  • Encrypted backups stored separately from primary database
  • Disaster recovery RTO target: 4 hours; RPO target: 1 hour

Infrastructure

Production infrastructure runs on hardened cloud services with monitoring, alerting, and health probes. No single point of failure in the critical path.

  • Containerized deployment with liveness, readiness, and startup probes
  • PostgreSQL with read replicas for reporting workloads
  • Redis for session management, caching, and background job queues
  • Prometheus metrics endpoint for observability and alerting
  • Automated alerting on error rate spikes and latency anomalies
  • 99.9% uptime SLA for production environments

Compliance roadmap

We are actively pursuing formal compliance certifications while maintaining security controls that meet or exceed current requirements.

  • SOC 2 Type II audit planned for Q3 2026
  • ISO 27001 certification planned for Q4 2026
  • GDPR-compliant data handling with right-to-erasure support
  • Regular third-party penetration testing (quarterly)
  • Dependency vulnerability scanning in CI/CD pipeline
  • Security disclosure program with responsible disclosure policy

Security questions?

For security inquiries, vulnerability reports, or compliance documentation requests, contact our security team.

security@travix.io

Report a vulnerability

Ready to run your agency on one ledger?

Join travel businesses that replaced spreadsheets and legacy ERP with a platform built for how agencies actually work.