Security & Compliance

Your data is safe with us

Premis is built with security at every layer — from infrastructure to application code. Here's exactly how we protect your facility data.

PDPA Compliant: Malaysia Personal Data Protection Act 2010
AWS Hosted: Asia Pacific (Singapore) region
TLS 1.2+: All data encrypted in transit
AES-256: All data encrypted at rest
SST Registered: Malaysia Sales & Service Tax
CIDB Aligned: Construction Industry workflows

Infrastructure Security

  • Hosted on AWS Asia Pacific (Singapore) — ap-southeast-1 region
  • Auto-scaling infrastructure with 99.9% uptime SLA
  • Daily automated backups with 30-day retention
  • DDoS protection via AWS Shield Standard
  • Private VPC with no direct public database access

Data Encryption

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for all data at rest
  • Database credentials stored in AWS Secrets Manager
  • JWT tokens signed with 64-byte cryptographically random secrets
  • Passwords hashed with bcrypt (cost factor 10)

Access Control

  • Role-based access control (RBAC) with granular permissions
  • Row-level security — tenants cannot access each other's data
  • Complete audit trail for all administrative actions
  • Session management with refresh token rotation
  • Configurable SSO via SAML 2.0 (Enterprise plan)

Authentication

  • Secure JWT-based authentication with short expiry
  • Refresh token rotation on every use
  • Rate limiting on all authentication endpoints
  • Account lockout after repeated failed attempts
  • LDAP / Active Directory integration (Enterprise plan)

Network Security

  • All API endpoints protected by rate limiting
  • CORS configured to allow only authorised origins
  • HTTP security headers (HSTS, CSP, X-Frame-Options)
  • SQL injection prevention via parameterised queries (Prisma ORM)
  • Input validation and sanitisation on all endpoints

Compliance

  • Malaysia PDPA 2010 compliant
  • Data processing agreement (DPA) available for Enterprise
  • Right to access, correct, and delete personal data
  • Data residency in Singapore (AP region)
  • SST registered — invoices issued with proper tax documentation

Data stays in Southeast Asia

All Premis data is stored and processed on AWS infrastructure in the Asia Pacific (Singapore) region. This ensures:

  • Low latency for Malaysian users
  • Data does not leave Southeast Asia
  • Compliance with Malaysian data residency expectations
  • PDPA-aligned data processing

Responsible Disclosure

Found a security vulnerability? We take all reports seriously. Please email us at security@premis.my with details. We commit to acknowledging reports within 24 hours and resolving critical issues within 72 hours.

Have specific security requirements? Talk to our team.