Permissions first
Every record carries a tenant and a role. Staff can only see what their role allows. Owner, manager, counter, scanner, and field roles are first-class.
Legal
Security
Security is built into NoxOrigin from the database up. This page summarises the design choices we make today, and the disclosures process once we open the platform.
Effective: To be published
Audit logs
Discounts, approvals, edits, and authentication events are recorded. Logs are exportable and kept read-only for owners.
Authentication
Email and password authentication with rate-limited login attempts, password hashing, and session management. Magic links and 2FA are on the roadmap.
Disclosures
Report a vulnerability to namik@noxorigin.com. We acknowledge new reports within 2 business days and triage within 5 business days.