
Security at Oplerra

Last updated: 2025-01-01

Oplerra is designed as a multi-tenant, cloud-hosted platform with security controls appropriate for councils, utilities, and regulated field operations.

We prioritise:

  • Australian data residency
  • Strong access controls and tenant isolation
  • Encrypted communications
  • Audit-ready operational evidence

This page describes the security measures currently implemented in our production environment, based on how the application operates today.


Infrastructure & Data Residency

  • Oplerra runs on DigitalOcean App Platform (managed applications).
  • Our primary DigitalOcean Managed PostgreSQL database is hosted in Sydney, Australia.
  • Geospatial functionality is supported via PostGIS.
  • Customer data is stored and processed within the Australian region unless otherwise agreed.

Data Encryption

  • All production web traffic is served over HTTPS, with HSTS enabled.
  • Application-to-database connections are encrypted using SSL/TLS in production and managed database environments.

Authentication & Account Security

  • Authentication is handled using NextAuth, with standard CSRF protections applied to sign-in flows.
  • User passwords are never stored in plaintext; they are stored as salted bcrypt hashes.
  • Forced password resets are supported via a must-change-password flag (for example, after an administrator-initiated reset).
  • Login attempts are rate-limited and may be temporarily blocked after repeated failures to reduce brute-force risk.

Session Management & Revocation

  • User sessions are managed using JWT-based session tokens.
  • Active sessions can be invalidated using a server-side token version mechanism when credentials change (for example, after a password reset).
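
The token version check described above, as an added example in Node.js; it is not Oplerra's code. The HS256 token format, the `tv` claim, the in-memory `users` map and all function names are assumptions made for illustration, and this is not NextAuth's own token format.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value; load from a secret store in practice
// Constructed in-memory stand-in for the server-side user record (assumed shape).
const users = new Map([["u1", { tokenVersion: 1 }]]);

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Issue an HS256 JWT that carries the user's current token version in `tv`.
function issueToken(userId, nowSec, ttlSec = 3600) {
  const body = b64({ alg: "HS256", typ: "JWT" }) + "." +
    b64({ sub: userId, tv: users.get(userId).tokenVersion, exp: nowSec + ttlSec });
  return body + "." + mac(body).toString("base64url");
}

// Returns { ok: true, sub } or { ok: false, reason }.
function verifyToken(token, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const expected = mac(parts[0] + "." + parts[1]);
  const given = Buffer.from(parts[2], "base64url");
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad-signature" };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return { ok: false, reason: "malformed" }; }
  if (header.alg !== "HS256") return { ok: false, reason: "bad-alg" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { ok: false, reason: "expired" };
  const user = users.get(claims.sub);
  // Revocation step: a validly signed, unexpired token is still rejected
  // when its version no longer matches the server-side record.
  if (!user || claims.tv !== user.tokenVersion) return { ok: false, reason: "revoked" };
  return { ok: true, sub: claims.sub };
}

// Call on password reset or other credential change; invalidates all outstanding tokens.
function bumpTokenVersion(userId) {
  users.get(userId).tokenVersion += 1;
}
```

The version comparison requires a server-side lookup on each verification, which is the cost of being able to revoke a stateless token before it expires.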

Access Control & Tenant Isolation

  • Oplerra is a multi-tenant system. Each customer workspace is represented as a distinct account.
  • All customer business data is scoped by an account identifier at the application and database layers.
  • Users are associated with accounts through explicit membership records, and all access checks are enforced server-side.
  • Authorization is role- and capability-based (for example: Owner, Admin, Office, Field, Viewer).
  • Clients do not connect directly to the database; all database access occurs via server-side application logic.

Platform Security Controls

  • A production Content Security Policy (CSP) restricts where scripts, connections, and embedded resources may load from.
  • Additional browser security headers are applied, including:
      • X-Frame-Options: DENY (clickjacking protection)
      • X-Content-Type-Options: nosniff
      • Referrer-Policy: strict-origin-when-cross-origin
      • Permissions-Policy to restrict access to sensitive browser capabilities
  • Server-side database access uses parameterized queries via ORM and database libraries to reduce the risk of SQL injection.

File Storage & Media Security

  • Files are stored using DigitalOcean Spaces, with separation between public and private content.
  • Private files are delivered using short-lived signed URLs.
  • Upload handling enforces:
      • Defined file size limits
      • Content-type allowlists
      • Blocking of executable file types

Backups & Data Resilience

  • Production databases are backed up automatically using managed backup services provided by our hosting provider.
  • Backups are retained for a defined rolling period.
  • Backup restoration is supported as part of operational maintenance.

Audit Logging & Operational Evidence

  • Security-relevant events (such as authentication activity and data changes) are logged server-side.
  • Logs support incident investigation and operational audit requirements.
  • Operational evidence (including forms, submissions, and media) is stored in a way that preserves historical integrity and links evidence to jobs, assets, and projects.

Data Access & Customer Isolation

  • Oplerra staff do not access customer data unless explicitly authorised for support or operational purposes.
  • Customer data is not shared with third parties except where required to operate the service (for example, infrastructure providers).
  • Logical tenant isolation is enforced at the application and database layers.

Compliance & Certifications

  • Oplerra is not currently certified under ISO 27001 or SOC 2.
  • Security controls are designed with common enterprise and government procurement frameworks in mind, and controls are continuously reviewed and improved.

Security Enquiries

If you have security questions, procurement checklists, or vendor review requirements, please contact us. We routinely support council and enterprise security reviews and are happy to provide additional detail as required.