Security-Focused Architecture

Security & Privacy

eAssetVault is built around private AWS storage, Cognito authentication, role-based access, and tenant-scoped document workflows.

Current Backend Foundation

Built with protected AWS document flows

The current application uses Cognito-authenticated API requests, private S3 document storage, DynamoDB metadata, and activity logs for key document actions.

Current implementation

Backend document APIs require Cognito bearer tokens. Document records are tenant-scoped, S3 files remain private, and platform access is limited by role.

Private AWS S3 Storage

Documents are stored in a private S3 bucket. The app does not make uploaded files public.

DynamoDB Metadata

Document metadata is stored separately in DynamoDB and scoped under the authenticated client's tenant key.

Cognito Authentication

Backend APIs verify Cognito JWTs and read user identity, email, name, and group-based role signals.

Role-Based Access

Cognito groups drive roles such as SUPER_ADMIN, CLIENT_ADMIN, CLIENT_STAFF, and READ_ONLY.

Presigned Uploads and Downloads

Uploads and downloads use secure presigned S3 URLs generated by protected backend routes.

Activity Logs

Uploads, downloads, renames, and deletes are logged with the authenticated user context where available.

Data Protection

Tenant-scoped controls for sensitive records

The current backend is designed to keep each client's document metadata, activity, and users scoped to that client's profile.

  • ClientId-based tenant separation scopes document records under CLIENT#{clientId}.
  • Private S3 objects are accessed through presigned URLs rather than public links.
  • Super admin APIs are protected for platform roles such as SUPER_ADMIN, PLATFORM_ADMIN, and SUPPORT_STAFF.
  • Environment secrets and AWS keys remain server-side and are not exposed as browser variables.
  • Deployment preparation includes HTTPS/domain readiness and production environment variable checks.
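
One way a protected route could enforce the role and tenant scoping listed above before issuing a presigned URL, shown as an added example rather than eAssetVault's own code. It assumes the JWT signature has already been verified, that the tenant id arrives in a hypothetical custom:clientId claim, and that objects live under a hypothetical clients/{clientId}/ prefix; the per-role action sets are also assumed, and platform roles are left to their separate routes.

```python
import re

# Client role names are from the page; the actions allowed per role are assumed.
ROLE_ACTIONS = {
    "CLIENT_ADMIN": {"upload", "download", "rename", "delete"},
    "CLIENT_STAFF": {"upload", "download", "rename"},
    "READ_ONLY": {"download"},
}
# Strict allow-list so a client id can never smuggle '#' or '/' into a key.
CLIENT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class AccessDenied(Exception):
    """Raised when the token's role or tenant does not permit the request."""


def tenant_context(claims):
    """Derive role and tenant keys from the claims of an already verified Cognito JWT."""
    groups = claims.get("cognito:groups") or []
    # Dict order doubles as precedence when a user is in several groups.
    role = next((r for r in ROLE_ACTIONS if r in groups), None)
    client_id = claims.get("custom:clientId", "")  # hypothetical custom attribute
    if role is None or not isinstance(client_id, str) or not CLIENT_ID_RE.fullmatch(client_id):
        raise AccessDenied("no recognised role or tenant in token")
    return {
        "role": role,
        "pk": f"CLIENT#{client_id}",          # DynamoDB tenant key format from the page
        "prefix": f"clients/{client_id}/",    # assumed S3 layout
    }


def authorize_document(claims, action, object_key):
    """Return the parameters to presign only if role and tenant both allow it."""
    ctx = tenant_context(claims)
    if action not in ROLE_ACTIONS[ctx["role"]]:
        raise AccessDenied(f"{ctx['role']} may not {action}")
    # The tenant comes from the token, never from the request body, so a caller
    # cannot obtain a URL for another client's object by editing the key.
    if not object_key.startswith(ctx["prefix"]):
        raise AccessDenied("object key outside tenant prefix")
    return {"pk": ctx["pk"], "s3_key": object_key, "action": action}
```

The returned pk and s3_key are what the route would pass to the metadata lookup and the presign call; anything that raises AccessDenied never reaches either.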
Trust Notes

Careful claims, real controls

eAssetVault is designed with a security-focused architecture, but this page does not claim SOC 2, ISO, HIPAA, or full legal compliance certification. Those claims should only be made after formal verification, audit, and legal review.

Next Step

Protect what matters with clear controls

Create a vault to use protected document workflows, or contact us to discuss secure scanning and onboarding requirements.