Your Data Is Yours.
We Keep It That Way.
Every component — from authentication to data storage to API calls — is designed to prevent unauthorized access and ensure tenant data never crosses workspace boundaries.
Identity & Authentication
All user sign-ins are handled by Firebase Authentication — a Google-managed, SOC 2-certified identity service. Passwords are never stored by Alzar Logic; they are hashed and managed exclusively by Firebase. Sessions are tied to authenticated tokens. Unauthenticated requests to any data endpoint are rejected at the server level before any business logic executes.
Data Isolation — Multi-Tenant Architecture
Each workspace is assigned a unique Tenant ID. All data is stored under its own Firestore namespace (tenants/{tenantId}/...). Firestore Security Rules enforce that a user can only read or write data within their own tenant. No workspace can read, query, or modify another workspace's data — isolation is enforced at the database layer, not just the UI.
Role-Based Access Control
Every module, action, and data field is governed by a granular permission system. Two enforcement layers work independently: UI Guards hide or disable elements client-side, and Firestore Rules independently verify every read and write server-side. A user who bypasses the UI cannot bypass the Firestore rules — both layers must pass.
Cloud Functions & API Security
Business-critical operations — payment processing, user provisioning, tenant configuration — execute in Firebase Cloud Functions on the server, not in the browser. Each function validates the caller's Firebase Auth token before executing. Payment processing uses established third-party infrastructure; card data never passes through Alzar Logic servers.
Data in Transit & At Rest
All data in transit is encrypted via TLS 1.2+ (enforced by Firebase/Google infrastructure). Firestore data at rest is encrypted by Google Cloud. PDF generation occurs in the browser — no file data is uploaded to external servers for rendering.
Audit Logging
Every significant user action — logins, data changes, permission overrides — is recorded to an immutable audit log. Administrators can review audit history within the platform. Logs cannot be modified or deleted by end users.
Offline & Sync Security
The offline sync engine queues writes locally and flushes them to Firestore once connectivity is restored. Queued writes are subject to the same Firestore security rules when committed — offline mode does not grant elevated permissions.
Responsible Disclosure
If you believe you have found a security vulnerability in Alzar Logic, please contact us at security@alzarlogic.com before public disclosure. We take all reports seriously and will respond within a reasonable timeframe.
security@alzarlogic.com →Alzar Logic is built on Firebase (Google Cloud) for authentication and data storage, a certified third-party provider for payment processing, and the Google Gemini API for AI-assisted features. Card data is never stored on our servers.
Full service list →