Security is not a feature — it's the foundation.
Cognaxa's security starts at the database layer with PostgreSQL Row-Level Security and extends through every layer of the stack. Here's how we protect your institution's data.
How We Protect Your Data
Six layers of defense — from the query planner to the network edge.
Row-Level Security at the Database
Every query runs through PostgreSQL Row-Level Security policies enforced at the query planner — not the application layer. A bug in middleware cannot expose tenant data because the query planner physically prevents it before a byte crosses the wire.
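The tenant-scoping pattern described above, as an added example rather than Cognaxa's own schema or policy (the table, column, role and app.tenant_id setting names are assumptions); it also shows the FORCE and NOBYPASSRLS settings a deployment needs so the policy cannot be skipped by the application's own role.

```sql
-- Added example: tenant isolation with PostgreSQL Row-Level Security.
-- Table, columns, role and the app.tenant_id setting are assumed names,
-- not Cognaxa's actual schema.
CREATE TABLE exam_attempts (
    id          bigserial PRIMARY KEY,
    tenant_id   uuid NOT NULL,
    learner_id  uuid NOT NULL,
    score       integer
);

-- Enable RLS and FORCE it so the table owner is also subject to the policy
-- (without FORCE, the owning role bypasses RLS entirely).
ALTER TABLE exam_attempts ENABLE ROW LEVEL SECURITY;
ALTER TABLE exam_attempts FORCE ROW LEVEL SECURITY;

-- One policy for SELECT/INSERT/UPDATE/DELETE: a row is visible (USING) and
-- writable (WITH CHECK) only when its tenant_id matches the session setting.
-- current_setting(..., true) returns NULL instead of raising when the
-- setting is unset, so a connection with no tenant sees no rows at all.
CREATE POLICY tenant_isolation ON exam_attempts
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- The application role must not own the table, must not be a superuser and
-- must not carry BYPASSRLS; it gets only the DML privileges it needs.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON exam_attempts TO app_user;

-- Per request (assumes the connecting role is a member of app_user): scope
-- the transaction only. SET LOCAL is reverted at COMMIT/ROLLBACK, so a pooled
-- connection does not leak one tenant's id into the next request.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
-- Even a query that omits WHERE tenant_id = ... returns only this tenant's
-- rows: the planner appends the policy predicate itself.
SELECT id, learner_id, score FROM exam_attempts;
COMMIT;

-- A write tagged with another tenant's id is rejected by WITH CHECK with
-- "new row violates row-level security policy", aborting this transaction.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO exam_attempts (tenant_id, learner_id, score)
VALUES ('22222222-2222-2222-2222-222222222222',
        '33333333-3333-3333-3333-333333333333', 90);
ROLLBACK;
```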
Native AI Proctoring — No Third-Party iFrames
Our proctoring engine is a first-class subsystem built into Cognaxa, not a third-party iframe. This means one SLA, one support channel, and no "the vendor is down" excuses on exam day.
Access Control & Identity
Three-tier RBAC combined with TOTP 2FA. Admins cannot access data outside their tenant boundary.
Type-Safe API Boundaries (Zod)
Request bodies, params, and query strings are validated against strict Zod schemas before reaching business logic, and all database access uses parameterized queries. Together, these two layers shut out the common injection vectors.
Activity Audit Logging
Key tenant and learner actions are captured in an activity log attached to the user and tenant.
Rate Limiting & Security Headers
Application-layer request throttling caps abusive traffic per client IP. Secure HTTP headers (X-Frame-Options, X-Content-Type-Options and related defaults) are enforced via Helmet.
Responsible Disclosure
Found a security issue? We take vulnerability reports seriously. Please do not disclose publicly until we've had the opportunity to remediate.
security@genfinish.com