All application traffic is encrypted with 256-bit SHA. The frontend pages make calls to the API and pass a token for a CRC check. This CRC check prevents tampering with the parameters that are passed to the API.
All API calls are regulated by an authentication mechanism that provides a token to the client. API accounts have fine-grained access and permission settings that are administered by the system administrator.
User profiles are stored and maintained in the platform database. All passwords are encrypted with the BCrypt algorithm.
Back office users have access to information that is available for the locations that are assigned to their account. Permissions can be set in fine detail per account. For each functional area of the application, permissions can range from None, to Reading, Updating (Edit) and Create/Delete (Admin).