Security and Privacy
The platform handles Tier-1 sensitive personal data (vulnerability status,
migration history) and interacts with multiple external stakeholders. The
Security and Privacy Plan (reference IOM-CMR-2025-REINT) ensures the
confidentiality, integrity, and availability (CIA) of beneficiary data.
Content Classification
All indexed content is tagged with a security classification that governs how it is processed and exposed:
| Class | Meaning |
|---|---|
| GREEN | Public / non-sensitive content. May be freely indexed and surfaced. |
| YELLOW | Internal content requiring controlled access. |
| RED | Sensitive content subject to strict handling and access restrictions. |
Privacy by Design
The plan implements privacy-by-design principles:

- Informed consent (UC06) — beneficiaries manage explicit consents, and each consent decision is recorded in the consent_records table.
- Data minimization and purpose limitation — only the data necessary for the recommendation and reintegration workflows is collected and retained.
- Pseudonymization in AI processing — identifying fields are removed or generalized before a profile is sent to the generative model, so the model receives only the attributes the recommendation needs.
Identity and Access Management
Access is governed by a role/permission model (roles, permissions,
role_permissions, user_roles, user_permissions) supporting the
permission_action_enum actions (CREATE, READ, UPDATE,
DELETE, PUBLISH, APPROVE, REVIEW, EXPORT, IMPORT,
MANAGE). On the clients, tokens are stored securely
(expo-secure-store on mobile) and session lifecycle is enforced (session
expiry handling, session_logs, login_history).
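The permission model above resolves a user's effective grants from two paths: permissions attached to the user's roles (user_roles joined to role_permissions) and permissions granted directly (user_permissions). The following is an added example, not the project's code: it builds the five tables in an in-memory SQLite database and answers "may user X perform action Y on resource Z" with a deny-by-default query. The column names, the `resource` column on permissions, and the sample data are assumptions; the real platform runs on PostgreSQL and its schema may differ.

```python
"""Effective-permission check over roles / permissions / role_permissions /
user_roles / user_permissions.

Added example, not the project's code. Column names, the `resource` column and
the sqlite3 in-memory database are assumptions; the platform uses PostgreSQL.
A grant is a (resource, action) pair where action is a permission_action_enum
value, and direct user grants add to role grants.
"""
import sqlite3

# Values of permission_action_enum as listed on this page.
PERMISSION_ACTIONS = frozenset({
    "CREATE", "READ", "UPDATE", "DELETE", "PUBLISH",
    "APPROVE", "REVIEW", "EXPORT", "IMPORT", "MANAGE",
})

SCHEMA = """
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE permissions (
    id INTEGER PRIMARY KEY,
    resource TEXT NOT NULL,
    action TEXT NOT NULL,
    UNIQUE (resource, action)
);
CREATE TABLE role_permissions (role_id INTEGER, permission_id INTEGER,
    PRIMARY KEY (role_id, permission_id));
CREATE TABLE user_roles (user_id INTEGER, role_id INTEGER,
    PRIMARY KEY (user_id, role_id));
CREATE TABLE user_permissions (user_id INTEGER, permission_id INTEGER,
    PRIMARY KEY (user_id, permission_id));
"""

# Effective grants = grants reachable through any role UNION direct grants.
EFFECTIVE_SQL = """
SELECT 1 FROM permissions p
JOIN role_permissions rp ON rp.permission_id = p.id
JOIN user_roles ur ON ur.role_id = rp.role_id
WHERE ur.user_id = ? AND p.resource = ? AND p.action = ?
UNION
SELECT 1 FROM permissions p
JOIN user_permissions up ON up.permission_id = p.id
WHERE up.user_id = ? AND p.resource = ? AND p.action = ?
LIMIT 1
"""


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data: a case-worker role, a partner role, two users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO roles VALUES (?, ?)",
                     [(1, "case_worker"), (2, "partner")])
    conn.executemany("INSERT INTO permissions VALUES (?, ?, ?)", [
        (10, "beneficiary_profile", "READ"),
        (11, "beneficiary_profile", "UPDATE"),
        (12, "beneficiary_profile", "EXPORT"),
        (13, "partner_listing", "READ"),
    ])
    # case_worker may READ and UPDATE profiles; partner may only READ listings.
    conn.executemany("INSERT INTO role_permissions VALUES (?, ?)",
                     [(1, 10), (1, 11), (2, 13)])
    # user 100 is a case worker with an extra direct EXPORT grant;
    # user 200 is a partner account scoped purely by its role.
    conn.executemany("INSERT INTO user_roles VALUES (?, ?)", [(100, 1), (200, 2)])
    conn.executemany("INSERT INTO user_permissions VALUES (?, ?)", [(100, 12)])
    conn.commit()
    return conn


def has_permission(conn: sqlite3.Connection, user_id: int,
                   resource: str, action: str) -> bool:
    """Deny by default: no matching row through either path means no access."""
    if action not in PERMISSION_ACTIONS:
        raise ValueError(f"not a permission_action_enum value: {action!r}")
    params = (user_id, resource, action, user_id, resource, action)
    return conn.execute(EFFECTIVE_SQL, params).fetchone() is not None


if __name__ == "__main__":
    db = build_demo_db()
    for uid, res, act in [(100, "beneficiary_profile", "EXPORT"),
                          (200, "beneficiary_profile", "READ"),
                          (200, "partner_listing", "READ")]:
        verdict = "ALLOW" if has_permission(db, uid, res, act) else "DENY"
        print(uid, res, act, "->", verdict)
```

Two points the sample data is built to show: the partner account (user 200) reaches nothing under beneficiary_profile because its role carries no such grant, which is what "partner accounts are scoped by role" has to mean in practice, and the direct EXPORT grant on user 100 is visible only through user_permissions, so any audit of who can EXPORT Tier-1 data must query both paths, not just role membership.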
Application and AI Security
- Secure partner integration — external redirection to partner sites is tracked through the application lifecycle (see Technical Architecture, Figure 6), and partner accounts are scoped by role.
- AI engine security — prompts are constructed from minimized profile data only; the OpenRouter API key is held in environment secrets and rotated.
- Transport security — PostgreSQL connections support a requireSSL mode for traffic over untrusted networks (see Configuration). If that mode maps to libpq's sslmode=require, the link is encrypted but the server certificate is not verified; for connections that actually cross an untrusted network, sslmode=verify-full with the CA certificate configured is the setting that also defends against an interposed server.
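The pseudonymization item under Privacy by Design and the AI engine item above describe the same control from two sides: a profile is reduced to what the recommendation needs, and only that reduced form is ever placed in a prompt. The following is an added example, not the project's code, showing one way to do it: an allow-list of prompt fields, a keyed HMAC pseudonym in place of the beneficiary id, a ten-year age band in place of the date of birth, and a fail-closed check that no direct identifier survived. The field names, the allow-list, the PROFILE_PSEUDONYM_KEY variable and the sample profile are all assumptions; the OpenRouter request itself is not made here.

```python
"""Minimise a beneficiary profile before it goes into a generative-model prompt.

Added example, not the project's code. The profile field names, the allow-list,
the keyed pseudonym, the age bucketing and the PROFILE_PSEUDONYM_KEY variable
are assumptions about how "identifying fields are minimized" can be done; the
OpenRouter request itself is out of scope here.
"""
import hashlib
import hmac
import os
from datetime import date

# Fields the recommendation workflow needs (purpose limitation). Everything not
# listed here, including the Tier-1 migration_history, is dropped from the prompt.
PROMPT_ALLOWLIST = ("skills", "languages", "education_level", "region_of_return")

# Direct identifiers that must never reach the model, whatever else changes.
DIRECT_IDENTIFIERS = ("beneficiary_id", "full_name", "phone", "email",
                      "national_id", "address", "date_of_birth")

# Constructed sample profile (not real data).
SAMPLE_PROFILE = {
    "beneficiary_id": "BEN-000123",
    "full_name": "Example Person",
    "phone": "+237600000000",
    "date_of_birth": date(1990, 5, 14),
    "skills": ["carpentry", "driving"],
    "languages": ["fr", "en"],
    "education_level": "secondary",
    "region_of_return": "Littoral",
    "migration_history": [{"country": "LY", "years": "2019-2023"}],
}


def pseudonym(beneficiary_id: str, key: bytes) -> str:
    """Keyed pseudonym: stable for one key, so model output can be linked back
    server-side, but not reversible without the key held in secrets."""
    return hmac.new(key, beneficiary_id.encode(), hashlib.sha256).hexdigest()[:16]


def age_band(dob: date, today: date) -> str:
    """Replace an exact date of birth with a ten-year band."""
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    lo = (age // 10) * 10
    return f"{lo}-{lo + 9}"


def minimise_profile(profile: dict, key: bytes, today: date) -> dict:
    """Allow-list the fields the model needs; replace identifiers with derived values."""
    minimised = {"subject": pseudonym(profile["beneficiary_id"], key)}
    if "date_of_birth" in profile:
        minimised["age_band"] = age_band(profile["date_of_birth"], today)
    for field in PROMPT_ALLOWLIST:
        if field in profile:
            minimised[field] = profile[field]
    # Defence in depth: fail closed if an identifier ever lands in the output.
    leaked = [f for f in DIRECT_IDENTIFIERS if f in minimised]
    if leaked:
        raise ValueError(f"identifiers present in minimised profile: {leaked}")
    return minimised


def build_prompt(minimised: dict) -> str:
    """Prompt text is built from the minimised dict only, never the raw profile."""
    body = "\n".join(f"{k}: {v}" for k, v in sorted(minimised.items()))
    return "Suggest reintegration pathways for the following profile.\n" + body


def load_pseudonym_key() -> bytes:
    """The pseudonym key lives in environment secrets next to the OpenRouter key;
    rotating it deliberately changes every pseudonym."""
    key = os.environ.get("PROFILE_PSEUDONYM_KEY")
    if not key:
        raise RuntimeError("PROFILE_PSEUDONYM_KEY is not set")
    return key.encode()


def minimise_sample(key: bytes = b"demo-key", today_iso: str = "2025-06-01") -> dict:
    """Run the constructed sample through the pipeline on a fixed date."""
    return minimise_profile(SAMPLE_PROFILE, key, date.fromisoformat(today_iso))


if __name__ == "__main__":
    print(build_prompt(minimise_sample()))
```

The allow-list is the important choice: a deny-list of known identifiers would silently pass any new column added to the profile later, whereas an allow-list forces every new field through a purpose-limitation decision before it can reach the model.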
Deployment Model
The reference architecture targets AWS (region af-south-1, Cape Town), with
Cloudflare providing CDN, DNS, DDoS protection, and SSL/TLS. The Security and
Privacy Plan additionally documents a self-hosted deployment on ST Digital
(Cameroon), including an infrastructure translation from the AWS reference
design and the specific security controls required for that environment.
Monitoring and Incident Response
- Real-time monitoring of the infrastructure (see the deployment diagram, Deployment) and recording of security_events and audit_logs.
- Breach notification procedures defined in the plan.
- A compliance roadmap justifying the architectural decisions and listing the compliance deliverables.