Operational and financial data is among the most sensitive information a business holds. Our security architecture reflects that. Every design decision starts with the question: what happens if this fails?
Each layer of the platform is designed with security and data integrity as a primary constraint, not an afterthought.
Every client operates in a fully isolated data environment. No two clients' data shares a database, schema, or storage container. Tenant isolation is enforced at the architecture level — not through runtime access controls.
All data transmitted to and from the platform is encrypted using TLS 1.2 or higher. All data stored within the platform is encrypted at rest using AES-256. Encryption keys are managed through a dedicated key management service and rotated on a defined schedule.
The platform enforces role-based access control (RBAC) at the organisation, location, and report level. HQ and portfolio owners have full visibility. Location managers and franchisees see only their own data. All permission changes are logged.
All user actions within the platform — including logins, data access, permission changes, and exports — are recorded in immutable audit logs. Logs are retained for a minimum of 12 months and are available to compliance teams on request.
IntelliBranch is hosted on enterprise-grade cloud infrastructure with automated failover and geographic redundancy. We maintain a 99.9% monthly uptime SLA, with real-time status monitoring and incident response procedures in place.
Enterprise customers may specify their preferred data residency region. Data is stored and processed within the agreed region and does not cross regional boundaries without explicit authorisation. Available regions are confirmed at time of contract.
IntelliBranch's security controls are aligned to recognised international and regional standards.
If you believe you have discovered a security vulnerability in IntelliBranch, please report it to us privately before public disclosure. We investigate all reports promptly and will acknowledge receipt within 2 business days.
Report a VulnerabilityFor all other enquiries, see our Contact page.