Security

Enterprise-grade security for sensitive formulation data

Your formulations, ingredient data, and compliance records are among your most valuable IP. Aromis protects them with a private tenant architecture, encryption in transit and at rest, and enterprise identity controls (SSO/SAML and SCIM are currently on the roadmap; see Identity & Access Control below).

Architecture — Tenant Isolation Model
[Architecture diagram. Layers, top to bottom:]
Edge layer: Vercel CDN · DDoS protection · TLS 1.3 · rate limiting · WAF
Identity & access: SSO/SAML · JWT validation · RBAC middleware · tenant context resolution
Application layer: Formulate · Source · Comply · Produce · Market · Core
AI engine: Claude API · Compliance Engine · Stability Engine · Formulation Engine
Audit & governance: immutable audit log · version history · approval records · evidence export
Tenant isolation boundary: one dedicated schema per tenant with RLS enforced (Tenant A, a flavour house; Tenant B, a spice manufacturer; Tenant N, a fragrance house), each holding its own ingredients and formulations, encrypted, isolated and audited.

Tenant Isolation

Live
Dedicated Supabase schema per tenant — no shared tables
Row-level security (RLS) enforced at database layer
Tenant context validated on every API request
Cross-tenant access is blocked by the database itself, not only by application code
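What "RLS enforced at database layer" looks like in practice, as an added example (not Aromis's own schema or code): a Postgres row-level security policy on Supabase that scopes every read and write of a formulations table to the tenant named in the caller's verified JWT. It assumes, as the page does not state, that the API reaches Postgres as Supabase's `authenticated` role and that the JWT carries the tenant in `app_metadata.tenant_id`, which PostgREST exposes to SQL as the `request.jwt.claims` setting. The per-tenant schema the page describes would sit on top of this; the policy below holds even when tables are shared. Table name, column names and ids are constructed for the demo.

```sql
-- Added example, not Aromis's own schema: tenant isolation enforced by
-- Postgres row-level security on Supabase.
-- Assumptions (not from the page): the API connects as the Supabase
-- `authenticated` role, and the verified JWT carries app_metadata.tenant_id,
-- exposed to SQL as the request.jwt.claims setting (auth.jwt() reads the same).

create table if not exists formulations (
  id         uuid primary key default gen_random_uuid(),
  tenant_id  uuid not null,
  name       text not null
);

-- Seed two tenants' rows before RLS is switched on (run as the table owner).
-- Constructed ids, not real data.
insert into formulations (tenant_id, name) values
  ('11111111-1111-1111-1111-111111111111', 'Vanilla base 12'),
  ('22222222-2222-2222-2222-222222222222', 'Cumin blend 7');

-- Tenant id from the verified JWT. Returns NULL, never a default tenant,
-- when the claim is missing, so a token without a tenant matches no rows.
create or replace function current_tenant_id() returns uuid
language sql stable as $$
  select nullif(
    current_setting('request.jwt.claims', true)::jsonb
      -> 'app_metadata' ->> 'tenant_id',
    '')::uuid
$$;

alter table formulations enable row level security;
-- FORCE applies the policy to the table owner too (superusers still bypass RLS).
alter table formulations force row level security;

-- One policy covers select/insert/update/delete: rows are visible only when
-- tenant_id equals the token's tenant, and any written row must carry that
-- same tenant_id, so a client cannot write into another tenant by naming its id.
create policy formulations_tenant_isolation on formulations
  for all to authenticated
  using (tenant_id = current_tenant_id())
  with check (tenant_id = current_tenant_id());

grant select, insert, update, delete on formulations to authenticated;

-- Check: act as a user of tenant A inside one transaction, then roll back.
begin;
set local role authenticated;
set local request.jwt.claims =
  '{"sub":"00000000-0000-0000-0000-000000000001","app_metadata":{"tenant_id":"11111111-1111-1111-1111-111111111111"}}';

-- What tenant A's token can read.
select name from formulations;

-- Attempt to rewrite tenant B's row from tenant A's session.
update formulations set name = 'tampered'
 where tenant_id = '22222222-2222-2222-2222-222222222222';

-- A token with no tenant claim at all: how many rows does it see?
set local request.jwt.claims = '{"sub":"00000000-0000-0000-0000-000000000001"}';
select count(*) from formulations;

-- Attempt to plant a row under tenant B while holding tenant A's token.
set local request.jwt.claims =
  '{"sub":"00000000-0000-0000-0000-000000000001","app_metadata":{"tenant_id":"11111111-1111-1111-1111-111111111111"}}';
insert into formulations (tenant_id, name)
  values ('22222222-2222-2222-2222-222222222222', 'planted');
rollback;
```

Run in a single psql session as the table owner. Under tenant A's token the select returns only tenant A's row; the update touches zero rows because tenant B's row is invisible to the USING clause; the count under the claim-less token is zero because `current_tenant_id()` is NULL and `tenant_id = NULL` is never true; and the final insert fails with a row-level security violation because its `tenant_id` does not satisfy WITH CHECK. The insert is placed last on purpose: its error aborts the transaction, which the `rollback` then discards. The check worth repeating during a vendor review is `alter table ... force row level security`: without FORCE, a connection made as the table owner (a common shape for server-side service clients) bypasses the policy entirely.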

Identity & Access Control

Roadmap
SAML 2.0 / SSO integration for enterprise identity providers
SCIM provisioning for automated user lifecycle
Role-based access control (RBAC): Admin, Regulatory, R&D, Read-only
Session management with configurable timeout policies

Encryption

Live
TLS 1.3 for all data in transit
AES-256 encryption at rest (Supabase-managed)
Encrypted backups with point-in-time recovery
API keys stored in environment-level secrets (Vercel)

Audit & Logging

Live
Full audit trail on compliance decisions (CP1–CP10)
Formulation version history with diff tracking
Approval, rejection, and revision event logs
API request logging with tenant and user attribution
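How an audit log can be made append-only and attributed to the acting tenant and user, as an added example (not Aromis's own schema or code). It assumes, as the page does not state, Supabase's `authenticated` application role and a JWT whose `sub` is the user's uuid and whose `app_metadata.tenant_id` names the tenant, exposed to SQL as `request.jwt.claims`. Table, column and action names and all ids are constructed. Immutability here is layered: privileges stop the application role from updating or deleting, a trigger stops any other role from doing so without first dropping the trigger (a DDL event of its own), and attribution is stamped server-side so the client cannot choose whom an entry is recorded against.

```sql
-- Added example, not Aromis's own schema: an append-only audit log with
-- tenant and user attribution taken from the verified JWT, not the client.
-- Assumptions (not from the page): Supabase `authenticated` role; JWT sub is
-- the user's uuid; app_metadata.tenant_id is the tenant; claims are exposed
-- to SQL as request.jwt.claims. Names and ids below are constructed.

create table if not exists audit_logs (
  id          bigint generated always as identity primary key,
  tenant_id   uuid not null,
  actor_id    uuid not null,
  action      text not null,      -- e.g. 'formulation.approve', 'compliance.run'
  entity_id   uuid,
  detail      jsonb not null default '{}',
  occurred_at timestamptz not null default now()
);

-- Layer 1, privileges: the application role can append and read, nothing else.
revoke all on audit_logs from authenticated;
grant select, insert on audit_logs to authenticated;

-- Layer 2, trigger: roles that do hold UPDATE/DELETE still cannot rewrite
-- history without first dropping this trigger.
create or replace function audit_logs_reject_rewrite() returns trigger
language plpgsql as $$
begin
  raise exception 'audit_logs is append-only; % on row % refused', tg_op, old.id;
end
$$;

create trigger audit_logs_immutable
  before update or delete on audit_logs
  for each row execute function audit_logs_reject_rewrite();

-- Layer 3, attribution: tenant, actor and timestamp are stamped from the JWT,
-- overriding whatever the client put in the INSERT. A token without these
-- claims yields NULLs, which the NOT NULL constraints then reject, so an
-- unattributed entry cannot be written at all.
create or replace function audit_logs_stamp() returns trigger
language plpgsql as $$
declare
  claims jsonb := current_setting('request.jwt.claims', true)::jsonb;
begin
  new.tenant_id   := (claims -> 'app_metadata' ->> 'tenant_id')::uuid;
  new.actor_id    := (claims ->> 'sub')::uuid;
  new.occurred_at := now();
  return new;
end
$$;

create trigger audit_logs_attribution
  before insert on audit_logs
  for each row execute function audit_logs_stamp();

-- Reads and writes stay inside the caller's tenant. WITH CHECK is evaluated
-- after BEFORE INSERT triggers, so it sees the stamped tenant_id.
alter table audit_logs enable row level security;
alter table audit_logs force row level security;
create policy audit_logs_tenant on audit_logs
  for all to authenticated
  using (tenant_id = (current_setting('request.jwt.claims', true)::jsonb
                      -> 'app_metadata' ->> 'tenant_id')::uuid)
  with check (tenant_id = (current_setting('request.jwt.claims', true)::jsonb
                           -> 'app_metadata' ->> 'tenant_id')::uuid);

-- Check inside one transaction, then roll back.
begin;
set local role authenticated;
set local request.jwt.claims =
  '{"sub":"00000000-0000-0000-0000-000000000001","app_metadata":{"tenant_id":"11111111-1111-1111-1111-111111111111"}}';

-- The client names a different tenant and actor; the trigger overwrites both.
insert into audit_logs (tenant_id, actor_id, action, entity_id, detail) values
  ('22222222-2222-2222-2222-222222222222',
   '00000000-0000-0000-0000-000000000099',
   'formulation.approve',
   '33333333-3333-3333-3333-333333333333',
   '{"version": 3, "checkpoint": "CP7"}');

select tenant_id, actor_id, action from audit_logs;

-- Attempt to rewrite history from the application role.
update audit_logs set action = 'formulation.reject';
rollback;
```

Run as the table owner in one psql session. The select shows the entry recorded under tenant `1111...` and actor `...0001` from the token, not the `2222...`/`...0099` values the client supplied. The update is refused with a permission error before the trigger is reached, because `authenticated` was never granted UPDATE; run the same statement as the owner and it is the trigger that refuses it. A practitioner reviewing an "immutable audit log" claim should ask exactly this: which role the application connects as, what it is granted on the log table, and whether anything other than a schema change can alter or remove an entry.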

Infrastructure

Live
Hosted on Vercel Edge Network (global CDN)
Supabase PostgreSQL with automated backups
Zero-downtime deployments via Git-integrated CI/CD
DDoS protection and rate limiting at edge layer

Incident Response

Roadmap
Documented incident response procedure
Severity classification (P1–P4) with response SLAs
Customer notification within 24 hours for data incidents
Post-incident review and remediation reports

Data Architecture — Module-to-Database Flow
[Data architecture diagram: module-to-database flow.]
Modules: Formulate · Source · Comply · Produce · Market · Core
API routes: /api/formulate · /api/ingredients · /api/compliance/run · /api/stability · /api/docs
Supabase (row-level security, tenant isolation), tables by module:
Formulate: formulations, ingredients, formulation_ingredients
Source: suppliers, supplier_ingredients, pricing
Comply: regulatory_frameworks, compliance_runs, checkpoint_results
Produce: production_specs, batch_records, bom_outputs
Market: market_analyses, competitor_products, trend_data
Core: tenants, users, audit_logs, approvals
Data ingestion layer: FlavorDB (25,595 compounds) · PubChem-FEMA (GRAS substances) · FooDB (38,224 compounds) · CSV/Excel bulk import · REST API (programmatic)
Totals: 44 tables · 64,203 ingredients · 20+ regulatory frameworks · 18 stability rules · 10 compliance checkpoints

Subprocessor Disclosure

Aromis uses the following infrastructure subprocessors:

Vercel: application hosting and CDN. Region: US/EU
Supabase: database and authentication. Region: US/EU (configurable)
Anthropic: AI inference (Claude). Region: US
Resend: transactional email. Region: US

Need our full security documentation?

Request our security pack including architecture diagram, data flow documentation, and enterprise questionnaire responses.

Request Security Pack · Book Enterprise Demo