Security Architecture

Multi-layered security controls, authentication, and data protection

Security Layers

🔐 Authentication

  • JWT token-based auth
  • Access + Refresh tokens
  • OAuth 2.0 (Google, Apple)
  • Session management
  • Token expiration

🔑 Password Security

  • bcrypt hashing (cost 12)
  • Salted passwords
  • Password strength rules
  • Secure reset flow
  • Passlib validation

🛡️ Data Protection

  • TLS 1.3 encryption
  • Data at rest encryption
  • Secrets in environment
  • PII redaction in logs
  • Secure headers (HSTS)

🚦 Access Control

  • Role-based access (RBAC)
  • User-level isolation
  • API rate limiting
  • CORS policies
  • Request validation

🔍 Monitoring

  • Security event logging
  • Failed auth tracking
  • Anomaly detection
  • Audit trails
  • Real-time alerts

☁️ Cloud Security

  • GCP Secret Manager
  • IAM policies
  • VPC isolation
  • Signed URLs (GCS)
  • Container scanning

Compliance & Standards

✅ GDPR Compliance

  • ✓ Right to access
  • ✓ Right to deletion
  • ✓ Data portability
  • ✓ Consent management
  • ✓ Privacy by design

🏥 HIPAA Readiness

  • ✓ PHI encryption
  • ✓ Access controls
  • ✓ Audit logging
  • ✓ Data backups
  • ✓ Breach notification