Security
Last updated: March 1, 2026
Union data is sensitive. We treat security as a foundational requirement, not an afterthought. This page outlines how UnionEyes protects your organization's information.
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database connections are encrypted end-to-end. Secrets and API keys are stored in Azure Key Vault, never in source code or environment files.
Access Control
UnionEyes uses role-based access control (RBAC) to ensure members only see what they're authorized to see. Authentication is handled by Clerk with multi-factor authentication support. Database queries are scoped by organization to enforce strict data isolation between unions.
Infrastructure
UnionEyes is hosted on Microsoft Azure in Canadian data centres, ensuring your data stays within Canadian jurisdiction. We use container isolation, automated security scanning of dependencies and Docker images, and enforce strict Content Security Policy headers across all applications.
Monitoring & Auditing
All access to sensitive data is logged with a full audit trail. We run automated vulnerability scanning on every code change, including static analysis (CodeQL), dependency audits, secret scanning, and container image scanning (Trivy). Rate limiting protects API endpoints from abuse.
Vulnerability Reporting
If you discover a security vulnerability, please report it responsibly by emailing security@nzila.app. We acknowledge reports within 24 hours and provide a fix timeline within 72 hours. Please do not file public issues for security matters.
Compliance
UnionEyes is designed to comply with PIPEDA (Personal Information Protection and Electronic Documents Act) and applicable Canadian provincial privacy legislation. For more details, see our Privacy Policy.
Questions?
If you have questions about our security practices, contact us at security@nzila.app or through our contact page.