PAQGEN

Security Overview

PAQGEN protects brand authenticity data with workspace isolation, role-based access, rate limits, audit logging, and operational controls.

Workspace Isolation

Each brand workspace uses a separate PostgreSQL schema. API access is scoped by authenticated user role and company. Non-superadmin users cannot access another company workspace.

Access Controls

Audit and Evidence

Workspace actions are recorded in audit logs. Company admins can export audit CSV records for review, support, and security checks.

Platform Controls

PAQGEN uses HTTPS, CORS allowlists, login rate limits, account lockout, upload validation, QR verification rate limits, database backups, and health monitoring.

Important Limitation

As with most SaaS platforms, authorised PAQGEN superadmins can technically access customer data for support, security, and operations. This access is restricted by policy and should be audited.