Security & Audits
Last updated: May 2026
Platform security
HACCP PRO runs on managed infrastructure with encrypted storage, automated backups and least-privilege access. Admin sessions are short-lived and protected by per-request token checks.
Application security
Our application code is reviewed before release. Public content is sanitised before render to prevent script injection, and write endpoints require an authenticated admin session.
Customer data isolation
Each organisation's records, learners and audit data are scoped by tenant and entity hierarchy so users only see the records they are entitled to.
Reporting a vulnerability
If you believe you have found a security issue, please email hello@haccppro.com with the details. We acknowledge reports within two business days.