Defense in depth for tenant-contained academic operations.

A concise public architecture summary. Detailed evidence and risk responses are shared under the commercial assurance process.

Identity and authorization

Host-bound tenants, assigned-role selection, scoped grants, secure sessions, revocation, forced password change, MFA, OIDC/SAML, break-glass drills, rate controls, and audited security events.

Tenant and data isolation

Transaction-scoped tenant context, restricted non-owner PostgreSQL roles, forced row-level security, cross-tenant test gates, private object ownership, and signed time-limited downloads.

Application and content security

CSRF protection, restrictive browser headers, input validation, optimistic versions, idempotent jobs, malware quarantine, checksums, controlled PDF workers, secrets outside images, and no fabricated production fallbacks.

Recovery and assurance

Encrypted backups, WAL and object versioning plans, restore evidence, audit exports, legal holds, retention, incidents, provider risk, and release gates. Certification is never implied without independent award.