Security & Compliance
Your data is safe with us
Premis is built with security at every layer — from infrastructure to application code. Here's exactly how we protect your facility data.
PDPA Compliant: Malaysia Personal Data Protection Act 2010
AWS Hosted: Asia Pacific (Singapore) region
TLS 1.2+: All data encrypted in transit
AES-256: All data encrypted at rest
SST Registered: Malaysia Sales & Service Tax
CIDB Aligned: Construction Industry workflows
Infrastructure Security
- Hosted on AWS Asia Pacific (Singapore) — ap-southeast-1 region
- Auto-scaling infrastructure with 99.9% uptime SLA
- Daily automated backups with 30-day retention
- DDoS protection via AWS Shield Standard
- Private VPC with no direct public database access
Data Encryption
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for all data at rest
- Database credentials stored in AWS Secrets Manager
- JWT tokens signed with 64-byte cryptographically random secrets
- Passwords hashed with bcrypt (cost factor 10)
Access Control
- Role-based access control (RBAC) with granular permissions
- Row-level security — tenants cannot access each other's data
- Complete audit trail for all administrative actions
- Session management with refresh token rotation
- Configurable SSO via SAML 2.0 (Enterprise plan)
Authentication
- Secure JWT-based authentication with short expiry
- Refresh token rotation on every use
- Rate limiting on all authentication endpoints
- Account lockout after repeated failed attempts
- LDAP / Active Directory integration (Enterprise plan)
Network Security
- All API endpoints protected by rate limiting
- CORS configured to allow only authorised origins
- HTTP security headers (HSTS, CSP, X-Frame-Options)
- SQL injection prevention via parameterised queries (Prisma ORM)
- Input validation and sanitisation on all endpoints
Compliance
- Malaysia PDPA 2010 compliant
- Data processing agreement (DPA) available for Enterprise
- Right to access, correct, and delete personal data
- Data residency in Singapore (AP region)
- SST registered — invoices issued with proper tax documentation
Data stays in Southeast Asia
All Premis data is stored and processed on AWS infrastructure in the Asia Pacific (Singapore) region. This ensures:
- Low latency for Malaysian users
- Data does not leave Southeast Asia
- Compliance with Malaysian data residency expectations
- PDPA-aligned data processing
Responsible Disclosure
Found a security vulnerability? We take all reports seriously. Please email us at security@premis.my with details. We commit to acknowledging reports within 24 hours and resolving critical issues within 72 hours.
Report a vulnerability
Have specific security requirements? Talk to our team.