Security & compliance
Security controls for operational data
Graicx is built around tenant scoping, role-aware access, and controlled operational workflows.
Security principles
- Access is scoped by platform, account, client, site, and operational record permissions.
- Clients and sites are separate records even when their names are similar in a simple deployment.
- Client access and site access are represented as explicit assignments rather than name-based matching.
- Site and location structure is scoped through the parent Account to Client to Site relationship.
- Administrative controls are kept inside authenticated application routes.
- Public documentation pages do not load private customer data or privileged server credentials.
- AI analytics uses controlled aggregate tools rather than broad database access.
Administration and access safeguards
- Platform users administer across accounts.
- Account administrators manage their own account users, clients, and sites.
- Client-scoped users are limited to assigned clients and the sites under those clients.
- Site-scoped users are limited to explicitly assigned sites.
- Restricted users are not intended to manage account, client, site, or location metadata.