Security by design.

Logwo is built as a private, multi-tenant RFQ system with strict data isolation, strong encryption, and auditable workflows. Below is an overview of our current controls and roadmap.

Platform architecture (overview)

Core stack

  • Frontend: Next.js + TypeScript
  • API: Laravel 11 + Sanctum
  • Database: PostgreSQL with Row Level Security (RLS)
  • Cache/Queue: Redis
  • Storage: AWS S3
  • Region: AWS me-central-1 (UAE)

Isolation & boundaries

  • Strict tenant isolation using PostgreSQL RLS
  • Scoped API tokens via Sanctum
  • Principle of least privilege for services
  • Separate environments: staging vs production

Data protection

Encryption in transit

TLS 1.2+ for all public endpoints. HSTS and modern cipher suites where supported.

Encryption at rest

Database volumes encrypted at the storage layer; object storage (S3) encrypted with provider-managed keys.

File handling

Document uploads stored on S3 with time-limited signed URLs for access; antivirus scanning planned.

Access & identity

Authentication

Laravel Sanctum for first-party SPA/API auth. Optional SSO (SAML/OIDC) on the roadmap.

Authorization

Role-based access controls (Admin, Buyer, Vendor). Fine-grained policies enforced at the API + DB layers.

Audit trail

Key actions are recorded (RFQs, bids, awards, edits) with user/time context and export options.

Reliability & disaster recovery

Backups

Automated database snapshots with periodic restore tests. Object storage uses versioning where applicable.

Monitoring

Application metrics and error tracking across API, DB, and job queues with alerting on SLIs.

Incident response

Operational runbooks and escalation procedures. Customer notifications for material incidents.

Compliance roadmap

Data processing

Standard DPA for customers; tenant-scoped data access practices documented.

Records & retention

Configurable retention for RFQs, bids, and audit logs (per tenant policy).

Vulnerability management

Regular dependency scanning; security patches prioritized; pen-testing planned.

Business continuity

BC/DR documentation and restore RTO/RPO targets tracked and reviewed.

Subprocessors

Provider                   | Purpose                        | Region
AWS                        | Compute, storage, networking   | me-central-1 (UAE)
Mail service (SES/Mailgun) | Transactional email            | Regional, per tenant configuration

We will notify tenants of material changes to subprocessors in accordance with contract terms.

Responsible disclosure

Report a vulnerability

If you believe you’ve found a security issue, please contact us with steps to reproduce. We’ll acknowledge, investigate, and keep you updated.

  • Do not access or modify data that isn’t yours.
  • Avoid privacy violations and service disruption.
  • Act in good faith and within the law.

How to reach us

Use the dedicated security inbox for the fastest response.

security@logwo.com

Alternatively, write to hello@logwo.com.

Need a security review pack?

We can share an overview of our controls, architecture, and data flows under NDA.
