Security & Trust

How Funeral Sentry handles your data

Funeral homes hold sensitive compliance information for vulnerable consumers. The platform was designed with multi-tenant isolation, citation-grounded AI, and conservative phrasing as foundational requirements — not afterthoughts.

Data Residency

  • Tenant isolation by design

    Every organization-owned record carries an organizationId. Service-layer guards reject queries that try to cross tenant boundaries; cross-tenant reads return 404, indistinguishable from a record that does not exist, so nothing about another tenant's data is leaked.

    Last reviewed 2026-06-28
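The guard described above, as an added illustration rather than Funeral Sentry's own code: the organizationId is part of every lookup, and a record owned by another tenant takes the same 404 path as a record that does not exist. The in-memory table, record shape and ids are constructed for the example.

```typescript
// Added example (not Funeral Sentry's code): a service-layer tenant guard.
// Every record carries organizationId; lookups are scoped by the caller's
// organization, and a record that exists but belongs to another tenant is
// reported exactly like a record that does not exist at all.

type OrganizationId = string;

interface EvidenceDocument {
  id: string;
  organizationId: OrganizationId;
  title: string;
}

class NotFoundError extends Error {
  readonly status = 404;
  constructor() {
    super("Not found"); // fixed message: never mention the other tenant
  }
}

// Constructed sample rows standing in for the Postgres table.
const evidenceDocuments: EvidenceDocument[] = [
  { id: "doc-1", organizationId: "org-a", title: "GPL 2026" },
  { id: "doc-2", organizationId: "org-b", title: "Casket price list" },
];

// The organizationId is part of the query itself, so a caller can never
// omit it. "Missing" and "wrong tenant" share one code path and one error.
function getDocumentForOrg(org: OrganizationId, id: string): EvidenceDocument {
  const row = evidenceDocuments.find((d) => d.id === id && d.organizationId === org);
  if (!row) throw new NotFoundError();
  return row;
}

// Captures what the HTTP layer would return, so the two failure cases can be
// compared for leakage: status and body must be identical.
function probe(org: OrganizationId, id: string): { status: number; body: string } {
  try {
    const doc = getDocumentForOrg(org, id);
    return { status: 200, body: doc.title };
  } catch (e) {
    if (e instanceof NotFoundError) return { status: e.status, body: e.message };
    throw e;
  }
}
```

The check a reviewer should make on a real implementation is the one the probe encodes: a cross-tenant id and a nonexistent id must produce byte-identical responses, including timing-insensitive error bodies, or an attacker can enumerate which ids exist in other tenants.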

  • Hosted on a single-tenant VPS

    No shared SaaS plane handles your funeral home data. Production runs on an isolated VPS with Postgres, Redis, and S3-compatible object storage bound to localhost behind a system-level Nginx TLS terminator.

    Last reviewed 2026-06-28

Encryption

  • TLS in transit

    All public HTTP traffic is HTTPS-only with HSTS preload enabled and a strict Content-Security-Policy header. Auth.js secrets and Stripe keys are never returned in API responses.

    Last reviewed 2026-06-28

  • Time-limited evidence URLs

    Document downloads go through 10-minute presigned URLs. Direct bucket access is denied by default; storage keys begin with the organizationId so a misdirected listing can never expose another tenant's files.

    Last reviewed 2026-06-28
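An added example of the two controls above working together: storage keys that start with the organizationId, and a download URL that is only valid for ten minutes and only for a key inside the requesting tenant's prefix. This is not Funeral Sentry's code; a real deployment would use the object store's own presigning, and the HMAC secret, key layout and timestamps here are constructed for the example.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example (not Funeral Sentry's code). The TTL matches the page; the
// secret is an assumption and would live in the environment in production.
const EVIDENCE_URL_TTL_MS = 10 * 60 * 1000;
const SIGNING_SECRET = "constructed-demo-secret";

// Storage keys begin with organizationId so that even a mis-scoped listing
// stays inside one tenant's prefix. The filename is sanitised so a caller
// cannot inject path separators into the key.
function buildStorageKey(organizationId: string, documentId: string, filename: string): string {
  const safeName = filename.replace(/[^A-Za-z0-9._-]/g, "_");
  return `${organizationId}/${documentId}/${safeName}`;
}

// True only when `key` sits under the tenant's own prefix. The trailing "/"
// keeps "org-1" from matching "org-10/...".
function keyBelongsTo(organizationId: string, key: string): boolean {
  return key.startsWith(`${organizationId}/`) && !key.includes("/../");
}

interface SignedUrl {
  key: string;
  expires: number; // epoch milliseconds
  sig: string;     // hex HMAC over key and expiry
}

function sign(key: string, expires: number): string {
  return createHmac("sha256", SIGNING_SECRET).update(`${key}\n${expires}`).digest("hex");
}

// Issue a time-limited URL for a tenant's own object; foreign keys are refused
// before any signature is produced.
function presign(organizationId: string, key: string, now: number = Date.now()): SignedUrl {
  if (!keyBelongsTo(organizationId, key)) throw new Error("key outside tenant prefix");
  const expires = now + EVIDENCE_URL_TTL_MS;
  return { key, expires, sig: sign(key, expires) };
}

// Verify on download: the clock must be before expiry and the signature must
// match in constant time. Because the key is covered by the HMAC, swapping in
// another tenant's key invalidates the URL.
function verify(url: SignedUrl, now: number = Date.now()): boolean {
  if (now >= url.expires) return false;
  const expected = Buffer.from(sign(url.key, url.expires), "hex");
  const given = Buffer.from(url.sig, "hex");
  return expected.length === given.length && timingSafeEqual(expected, given);
}
```

The design point is that the tenant check happens at issue time and the signature binds the key, so the download endpoint needs no further tenant lookup: an unexpired, correctly signed URL can only name a key the issuing tenant was allowed to see.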

  • Encryption at rest

    Database volume and object-store volume are encrypted at the VPS layer. Sensitive metadata (password hashes, OAuth tokens, Stripe keys) is also stripped from audit logs by an explicit denylist.

    Last reviewed 2026-06-28

Access Control & Audit

  • Role-based access control

    Nine roles (OWNER, ADMIN, MANAGER, DIRECTOR, STAFF, AUDITOR, CONSULTANT, LEGAL, PLATFORM_ADMIN). 30+ permissions. Server-side gates only — the UI never decides authorization.

    Last reviewed 2026-06-28

  • Append-only audit log

    Every business event writes an audit row with actor, action, entity, IP, user-agent, and request id. Logs use polymorphic refs so model splits don't orphan history. Logs are never updated or deleted by the platform.

    Last reviewed 2026-06-28
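An added example covering both the denylist described under "Encryption at rest" and the audit row described above. It is not Funeral Sentry's code: the row fields follow the page (actor, action, entity, IP, user-agent, request id, a polymorphic entity reference), while the denylisted field names and the in-memory log are assumptions constructed for the example.

```typescript
// Added example (not Funeral Sentry's code): append-only audit rows with an
// explicit denylist applied to metadata before anything is written.

// Field names that must never reach an audit row. The page names the
// categories (password hashes, OAuth tokens, Stripe keys); these spellings
// are assumed for the example.
const AUDIT_DENYLIST: ReadonlySet<string> = new Set([
  "password", "passwordHash",
  "oauthToken", "accessToken", "refreshToken",
  "stripeSecretKey", "stripeWebhookSecret",
  "authSecret",
]);

interface RequestContext {
  actorId: string;
  ip: string;
  userAgent: string;
  requestId: string;
}

// Polymorphic reference: the type name travels with the id, so splitting a
// model into two tables later does not orphan the rows that pointed at it.
interface EntityRef {
  entityType: string;
  entityId: string;
}

interface AuditRow {
  readonly at: string;
  readonly organizationId: string;
  readonly actorId: string;
  readonly action: string;
  readonly entity: EntityRef;
  readonly ip: string;
  readonly userAgent: string;
  readonly requestId: string;
  readonly metadata: Readonly<Record<string, unknown>>;
}

// Recursively drop denylisted keys; nested objects and arrays are walked so a
// secret cannot hide one level down (e.g. inside a "stripe" sub-object).
function redact(value: unknown): unknown {
  if (Array.isArray(value)) return value.map(redact);
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      if (AUDIT_DENYLIST.has(k)) continue;
      out[k] = redact(v);
    }
    return out;
  }
  return value;
}

// Stands in for the append-only table; push is the only operation exposed.
const auditLog: AuditRow[] = [];

function writeAuditEvent(
  organizationId: string,
  ctx: RequestContext,
  action: string,
  entity: EntityRef,
  metadata: Record<string, unknown> = {},
  now: Date = new Date(),
): AuditRow {
  const row: AuditRow = Object.freeze({
    at: now.toISOString(),
    organizationId,
    actorId: ctx.actorId,
    action,
    entity,
    ip: ctx.ip,
    userAgent: ctx.userAgent,
    requestId: ctx.requestId,
    metadata: Object.freeze(redact(metadata) as Record<string, unknown>),
  });
  auditLog.push(row);
  return row;
}

function auditRowCount(): number {
  return auditLog.length;
}
```

A denylist is only as good as its coverage, so the practical check is to feed the redactor a fixture containing every secret-bearing field your models have and assert none survives; the recursive walk matters because an ORM will happily serialise a whole related record into metadata.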

  • Platform-admin support sessions are logged

    When a Funeral Sentry platform admin accesses your tenant for support, an admin.support audit row records the session. On request, we will include those entries in your audit packets.

    Last reviewed 2026-06-28

Compliance Posture

  • No legal advice, by design

    Funeral Sentry will never tell you "you are compliant" or "guaranteed FTC safe". The product uses phrasing like "potential issue" and "review recommended" so determinations are always made by qualified counsel.

    Last reviewed 2026-06-28

  • AI output is citation-grounded

    Every AI finding must cite a real source from your input GPL (a disclosure key, a price item name, or a specific FTC section). A citation that does not resolve to one of those sources is preserved as written, but the finding is downgraded to ESCALATE so a human reviews it.

    Last reviewed 2026-06-28
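The grounding step described above, as an added example and not Funeral Sentry's code: each finding's citation is resolved against the GPL it was generated from, and a citation that does not resolve is kept verbatim while the finding's status becomes ESCALATE. The GPL shape, the status names other than ESCALATE, and the allowlist of FTC section numbers are assumptions constructed for the example.

```typescript
// Added example (not Funeral Sentry's code): citation-grounded findings.

// Constructed GPL (General Price List) input: the only sources a finding may cite.
interface GeneralPriceList {
  disclosureKeys: string[]; // e.g. "embalming_not_required"
  priceItems: string[];     // item names as printed on the GPL
}

// Sections of the FTC Funeral Rule accepted as citations. This allowlist is
// constructed for the example; the product's own list is not on the page.
const FTC_SECTIONS: ReadonlySet<string> = new Set(["453.2", "453.3", "453.4", "453.5"]);

type Citation =
  | { kind: "disclosure"; key: string }
  | { kind: "priceItem"; name: string }
  | { kind: "ftc"; section: string };

// Only ESCALATE is named on the page; the other two spellings are assumed and
// mirror the "potential issue" / "review recommended" phrasing it describes.
type FindingStatus = "POTENTIAL_ISSUE" | "REVIEW_RECOMMENDED" | "ESCALATE";

interface Finding {
  summary: string;
  citation: Citation;
  status: FindingStatus;
}

// A citation resolves only if it names something that really exists in the
// input. Price items are compared case-insensitively because models often
// normalise capitalisation; disclosure keys and sections must match exactly.
function citationResolves(gpl: GeneralPriceList, c: Citation): boolean {
  switch (c.kind) {
    case "disclosure":
      return gpl.disclosureKeys.includes(c.key);
    case "priceItem":
      return gpl.priceItems.some((n) => n.toLowerCase() === c.name.toLowerCase());
    case "ftc":
      return FTC_SECTIONS.has(c.section);
    default:
      return false; // unknown citation kinds never ground a finding
  }
}

// Ground every finding. An unresolved citation is left in place so the human
// reviewer can see exactly what the model claimed; only the status changes.
function groundFindings(gpl: GeneralPriceList, findings: Finding[]): Finding[] {
  return findings.map((f): Finding =>
    citationResolves(gpl, f.citation) ? f : { ...f, status: "ESCALATE" },
  );
}

// Convenience for reporting: how many findings had to be escalated.
function countEscalated(findings: Finding[]): number {
  return findings.filter((f) => f.status === "ESCALATE").length;
}
```

Keeping the bad citation rather than blanking it is the detail worth copying: a reviewer who sees "cited disclosure key refund_policy, which is not in this GPL" can judge whether the model hallucinated or the GPL is missing a required disclosure, whereas an empty citation field tells them nothing.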

  • SOC 2 readiness on the roadmap

    We're building toward SOC 2 readiness with discrete controls (encryption, access reviews, vendor risk, incident response). We are not SOC 2 attested today. We'll publish progress as we get there.

    Last reviewed 2026-06-28

Have a security question?

We'll answer concrete questions about architecture, controls, and trade-offs. Email security@funeralsentry.com or request a demo to walk through the platform with us.