Security

Built for teams that handle sensitive regulatory data.

Landfall is designed with security at every layer — from authentication to audit trails. Here's exactly what's in place.

Defence in depth

Multiple independent security layers

Full transparency

Every AI decision auditable and traceable

Least privilege

Role-based access at every level

What's implemented

No aspirational claims — only what's shipping in the codebase today.

Authentication & Access Control

  • Bcrypt password hashing with cost factor 12
  • TOTP-based multi-factor authentication with backup codes
  • Role-based access: Analyst, Approver, Admin, Viewer
  • Concurrent session limiting (5 per user) with revocation
  • JWT sessions with configurable expiry (8h default)
  • Account lockout after 5 failed attempts

API & Transport Security

  • HTTPS enforced via Strict-Transport-Security (1-year max-age)
  • CSRF protection via origin/referer verification on all state-changing requests
  • Tiered rate limiting by endpoint (auth: 10/min, AI: 20/min, default: 500/min)
  • Input validation via Zod schemas on every API endpoint
  • Webhook signature verification (HMAC-SHA256)
  • X-Frame-Options: DENY, X-Content-Type-Options: nosniff

Data Protection

  • PostgreSQL with Prisma ORM — all queries parameterised (no raw SQL)
  • Sensitive fields (passwords, tokens, API keys) redacted from all logs
  • Security headers: clickjacking prevention, referrer policy, permissions policy
  • Camera, microphone, and geolocation permissions disabled by default
  • Non-root Docker execution for self-hosted deployments
  • Database SSL recommended and documented for production

Audit Trail & Traceability

  • Every action logged: entity, user, timestamp, before/after state
  • 7-year minimum retention for approved compliance decisions
  • Compliance contracts with SHA-256 integrity verification
  • Full decision chain: regulation → obligation → interpretation → work item
  • Audit logs indexed by user, entity, and timestamp for fast retrieval
  • Export audit bundles for external review

AI & Data Isolation

  • AI calls go directly to Anthropic — your data is not used to train models
  • Bring Your Own Key (BYOK): use your own Anthropic API key per project
  • Optional PII anonymisation before AI processing (email, phone, SSN redaction)
  • Full prompt logging with token tracking and cost attribution
  • Per-project AI configuration with owner-only access
  • Every AI interpretation flagged for human review — no silent decisions

Privacy & Data Rights

  • GDPR data export: download all your data in one click
  • Data deletion with configurable strategies (delete, archive, anonymise)
  • Deletion requests audited with legal basis tracking
  • Password history enforcement prevents reuse
  • No cross-tenant data access — strict project-level isolation
  • Self-hosting option for teams with data residency requirements

Your data, your control

Self-host or use our managed service. Either way, you own your data.

Self-hosted option

Docker deployment with non-root execution, health checks, and network isolation.

BYOK for AI

Bring your own Anthropic API key. Your prompts go directly to the provider.

Full prompt visibility

See exactly what gets sent to the AI model — with optional full prompt storage.

CI/CD verification

Compliance contracts live in your repo with SHA-256 hashes for automated checks.

What we don't have yet

We believe in transparency. These are areas we're actively working on but haven't shipped:

  • SOC 2 Type II certification (in progress)
  • Encryption at rest (relies on database-level configuration)
  • Automated secrets rotation
  • Dedicated WAF (currently relies on platform provider)
  • Formal penetration testing report

Questions about security?

We're happy to discuss our security architecture in detail.