Layered controls for documents that cannot be treated like ordinary attachments.

CVOR is designed around custody, traceability, and lifecycle control.

Built with ISO 27001-aligned controls and GDPR design principles.

01 — PHILOSOPHY

Security is not a single boundary. It is a workflow property.

Sensitive document workflows create risk across collection, upload, review, storage, access, and deletion. A secure perimeter alone cannot answer whether a passport was requested for the right purpose, who reviewed it, why it was retained, or when it should leave custody.

CVOR treats controls as layers. Authentication, authorization, encryption, audit logging, retention, and infrastructure hardening work together so document handling can be explained to compliance, legal, procurement, and operational stakeholders.

02 — ENCRYPTION

Application-layer encryption for sensitive personal records.

CVOR is built around AES-256-GCM application-layer encryption for sensitive document data. Application-layer encryption gives the platform a stronger custody model than relying only on storage-level controls, because cryptographic handling is part of the document workflow itself.

Object storage encryption remains part of the infrastructure posture, but it is not treated as the only protection. In production, the platform path includes external KMS integration so enterprise deployments can align cryptographic control with their governance requirements.

03 — ACCESS GOVERNANCE

Access is scoped before documents enter custody.

INVITE-ONLY

Access begins from a controlled invitation so document collection is tied to a known workflow and recipient.

MFA

Mandatory multi-factor authentication protects platform access for enterprise users.

TENANT SCOPE

Per-tenant authorization keeps organizational boundaries explicit across workflows.

ROLE ACCESS

Role-aware controls limit sensitive document access to the people responsible for collection, review, or governance.

04 — AUDIT AND OBSERVABILITY

Every sensitive workflow needs an evidence trail.

IMMUTABLE LOGGING

Uploads, views, review actions, and lifecycle events are captured as append-only audit records.

OBSERVABILITY

Operational events are designed to support monitoring, review, and recovery conversations.

DEAD-LETTER RECOVERY

Failure handling is treated as part of the governance surface so operational exceptions can be reviewed.

TRACEABILITY

Audit records help answer who requested, submitted, accessed, reviewed, and governed each sensitive record.

05 — RETENTION

Lifecycle governance cannot depend on inbox discipline.

Retention and deletion controls are part of the document governance model. Automated retention sweeps, session expiry, and scheduled cleanup reduce reliance on manual behavior across teams that may be handling hundreds or thousands of sensitive records.

Retention enforcement helps organizations connect document custody to policy. A governed workflow should be able to distinguish between a record that is still needed for review, a record that must be retained for a defined period, and a record that should leave custody.

06 — COMPLIANCE POSTURE

Designed to support governance review without overstating certification status.

CVOR is built with ISO 27001-aligned controls across access control, cryptography, logging, retention, monitoring, backup and disaster recovery, and incident response. This means the platform is organized around control families that procurement and compliance teams recognize.

CVOR is designed for GDPR compliance by supporting purpose limitation, data minimisation, access control, lifecycle governance, and auditability for personal data workflows. It is not described as GDPR certified, because GDPR is a legal compliance framework rather than a product certification.

The architecture is prepared for SOC 2 through control design, traceability, and operational hardening paths. It should not be described as SOC 2 compliant unless and until the relevant audit process has been completed.

Discuss your security requirements with the team.

We review workflow scope, governance expectations, and deployment requirements before onboarding.
