Security and compliance, built into the operating layer.
ELIAN runs on Azure infrastructure in the Netherlands and ships with the controls operations and procurement teams expect from a B2B platform.
EU-only data residency
Telemetry, video, tasks and alerts live on Azure infrastructure in the Netherlands. No cross-region replication, no US transfer.
GDPR alignment
We act as a data processor for customer telemetry and as a data controller for marketing-site visits. DPA available; per-org data-retention configurable per signal type.
ISO 27001 in progress & SOC 2 alignment
ISO 27001 certification work is underway. Our internal controls are aligned with SOC 2 even where formal certification is pending.
Multi-factor authentication
Email-based 6-digit OTP with 10-minute expiry and resend cooldown. Account lockout after 5 failed attempts; bcrypt-12 password hashing with strength meter.
Six-tier RBAC
Viewer, Technician, Site Manager, Site Admin, Org Admin, Owner — plus custom role definitions with a permission-matrix UI. Per-site role assignment.
Encrypted secrets
RTSP camera credentials stored with AES-256-GCM. JWT access tokens (30 min) with rotation and refresh-token revocation; session inactivity timeout with countdown.
Audit log & event trail
System Event Log records every account, configuration and operator action. Grid / list / timeline views; acknowledgement; CSV export; per-event GeoIP-tagged login fingerprints.
Automated backups & retention
PostgreSQL pg_dump every 2 hours in production, 90-day retention on Azure Cool tier. Configurable retention per signal type via the admin UI.
An audit trail your regulator can read.
Every alert, acknowledgement, role change, login and configuration tweak lands in the system event log with timestamp, user, IP and GeoIP. Filter by time, severity or category, then export to CSV for compliance review.