Authentication & Access
JWT-based authentication with secure token rotation. Role-based access control (RBAC) ensures users only access what they're authorized to see. Multi-workspace isolation keeps organization data completely separate.
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database connections are encrypted, and sensitive configuration values are stored in secure vaults — never in source code.
Data Isolation
DocEngine uses a multi-tenant architecture with strict data isolation at the organization level. Query filters ensure that data from one organization is never accessible to another, even at the database query level.
Audit Trails
Every significant action is logged with full audit trails — who did what, when, and from where. Audit logs are immutable and retained for compliance and investigation purposes.
Infrastructure
DocEngine is hosted on enterprise-grade cloud infrastructure with automatic scaling, redundancy, and geographic distribution. Regular backups ensure data durability and disaster recovery readiness.
AI Data Handling
When you use AI generation, your content is sent to AI providers under strict data processing agreements. Your data is not used to train AI models. We minimize the data sent and do not retain AI provider responses beyond what is needed to serve you.
Responsible Disclosure
If you discover a security vulnerability in DocEngine, we encourage you to report it responsibly. Please email security@docengine.dev with details of the vulnerability. We will acknowledge your report within 48 hours and work to resolve the issue promptly.
Questions
For security-related questions or concerns, contact us at security@docengine.dev.