Multi-tenant isolation

Each organisation runs in its own isolated environment with its own dedicated database. There is no shared tenant data store — one organisation cannot see another's records, by design.

Encryption in transit

All traffic between browsers, mobile apps, devices and the server is encrypted with TLS using Let's Encrypt certificates. HTTP requests are redirected to HTTPS.

Role-based access control

Every module is gated by granular permissions. Administrators can give a user access to exactly the modules and actions they need — and no more.

Audit trail

Significant actions are logged with the user, subject, action text and timestamp, so changes can always be traced back to their source.

Backup & disaster recovery

Owner-level full-system backup and per-tenant backup — on demand or on schedule — with restore for fast recovery from any incident.

Sensitive-file protection

Configuration files, source control and storage paths are explicitly denied at the web server, and a default catch-all vhost drops unknown hosts.

How isolation works

One tenant can never see another

TinyMIS is built on a container-per-tenant, database-per-tenant model. Each organisation has its own database, its own environment configuration, and its own running instance — sharing only the application codebase.

A catch-all default server block refuses requests with an unknown or missing Host header, so a misrouted device that skips certificate validation is dropped rather than silently landing on the wrong tenant.

  • Separate database per organisation.
  • Per-tenant environment and configuration.
  • Explicit server-name matching per tenant domain.
  • Default catch-all that drops unknown hosts.
Authentication & sharing

Safe credentials and safe document sharing

QR-based device binding

Registering a personal mobile device uses a one-time QR token or short bind code, validated server-side and revocable by an administrator — so a lost or replaced phone can be unbound instantly.

Signed PDF URLs

Payslip and performance-report downloads use Laravel signed URLs — cryptographically verified by the server, with expiry — so a link cannot be reused or forged, even without a session.

CSRF protection

State-changing requests are protected by CSRF tokens, including the token-gated public visitor and job-application forms.

Web push done right

Push subscriptions are stored per-user, expired endpoints are pruned automatically, and push sending is wrapped so a delivery failure can never break a core request.

Privacy matters too

Read our full privacy statement to see exactly what data TinyMIS collects, why, and how long it is kept.

Read the Privacy Statement