Security
Practical security notes for AdjusterDesk.
A clear summary of current safeguards without claiming certifications that are not in place.
Security baseline
Production access
AdjusterDesk is intended to run over HTTPS in production. Signed-in workspace access uses protected login and server-side session checks before private office pages load.
Workspace separation
Authenticated app routes require a valid workspace. Records are scoped by firm where practical so one office works inside its own claim, client, document, task, money, and report data.
Session and administrative safety practices
- Signed session cookies are HTTP-only and same-site lax, with secure cookies in production.
- System-admin workspace switching uses a separate workspace override cookie.
- Production hardening includes administrative maintenance and data-management safeguards.
- Uploaded-file handling includes filename cleanup, size checks, path checks, and blocked executable-like extensions.
What AdjusterDesk does not claim
AdjusterDesk does not claim SOC 2, HIPAA compliance, bank-grade security, end-to-end encryption, formal penetration testing, or security certification on this public site. Those claims should only be added after the work is completed and reviewed.
Security contact
Security questions or responsible disclosure notes can be sent to [email protected] with Security in the subject line.
Have a security question?
Email [email protected] with Security in the subject line so the concern can be reviewed.