Security built into every layer
Your customer data, financials, and business operations deserve real protection — not an afterthought. Pillar enforces data isolation, access control, and input validation at the architecture level.
Protection at every level
From database queries to API responses, security controls are enforced automatically — not configured manually.
Data Isolation
Every table is scoped by company. A global interceptor enforces tenant context so data never leaks between accounts.
Role-Based Access Control
Four distinct roles — Owner, Dispatcher, Technician, Customer — each with enforced API-level permissions.
JWT Authentication
Short-lived access tokens with automatic refresh. Tokens stored in HttpOnly cookies, not localStorage.
Rate Limiting
Global and per-endpoint rate limits protect against brute-force attacks and API abuse.
Input Validation
Every request body is validated with type checking. Unknown properties are stripped or rejected.
Audit Logging
Twenty event types tracked with actor, target, IP address, and change history. Available on the Enterprise plan.
Your data stays yours
Every database table is scoped to your company. A global interceptor enforces tenant context on every request — there is no way to accidentally query another company's data.
Company-scoped tables
Every table includes a company_id foreign key for complete row-level data separation.
Automatic tenant context
A global TenantInterceptor sets company scope on every request using Node's AsyncLocalStorage, so the scope follows each request's async context and cannot bleed into another request in flight.
Subdomain detection
Companies are detected by subdomain in production. Reserved subdomains are automatically excluded.
Unique constraints per company
Job numbers, invoice numbers, and other sequences are unique within each company, not globally.
Multi-Tenant Architecture (illustration): three companies, each on its own subdomain
Precision Plumbing: precision.pillar.com
Summit Roofing: summit.pillar.com
Sparkle Clean Services: sparkle.pillar.com
Every table includes company_id for complete row-level isolation
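The tenant-context pattern described above, as an added illustration written for this page (not Pillar's code): a hypothetical subdomain resolver, a request-scoped context held in Node's AsyncLocalStorage, and a repository that scopes every query by company_id and refuses to run without a tenant. The reserved-subdomain list, the job rows and the base domain are constructed sample values.

```typescript
import { AsyncLocalStorage } from "node:async_hooks";

interface TenantContext { companyId: string; }
const tenantStore = new AsyncLocalStorage<TenantContext>();

// Constructed list of reserved subdomains that never map to a company.
const RESERVED = new Set(["www", "api", "app", "admin"]);

// Hypothetical interceptor step: derive the tenant from the Host header.
// Returns null for the bare domain, reserved names, nested labels or foreign hosts.
export function tenantFromHost(host: string, baseDomain = "pillar.com"): string | null {
  const suffix = "." + baseDomain;
  if (!host.endsWith(suffix)) return null;
  const sub = host.slice(0, -suffix.length);
  if (!sub || sub.includes(".") || RESERVED.has(sub)) return null;
  return sub;
}

// Run the rest of a request inside the resolved tenant's async context.
export function runWithTenant<T>(companyId: string, fn: () => T): T {
  return tenantStore.run({ companyId }, fn);
}

// Constructed sample rows; every table carries company_id.
interface Job { id: number; company_id: string; title: string; }
const JOBS: Job[] = [
  { id: 1, company_id: "precision", title: "Leak repair" },
  { id: 2, company_id: "summit", title: "Roof inspection" },
  { id: 3, company_id: "precision", title: "Water heater install" },
];

// Repository: the company_id filter comes from the ambient context, never from
// the caller. With no context the query fails closed instead of returning all rows.
export function findJobs(): Job[] {
  const ctx = tenantStore.getStore();
  if (!ctx) throw new Error("no tenant context: refusing unscoped query");
  return JOBS.filter((j) => j.company_id === ctx.companyId);
}

// Two interleaved "requests": each keeps its own tenant across await boundaries.
export async function demoConcurrent(): Promise<[number[], number[]]> {
  const req = (tenant: string) =>
    runWithTenant(tenant, async () => {
      await new Promise((r) => setTimeout(r, Math.random() * 5));
      return findJobs().map((j) => j.id);
    });
  return Promise.all([req("precision"), req("summit")]);
}
```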
Role Permissions
Four roles, clear boundaries
Every API endpoint is protected by role decorators. Owners see everything. Dispatchers manage operations. Technicians see their jobs. Customers see only their own data.
Owner
Full access to all features, settings, and billing.
Dispatcher
Manage jobs, schedules, and customers. No admin access.
Technician
View assigned jobs, clock time, complete checklists.
Customer
Portal access to their own jobs, invoices, and equipment.
Secure by default, not by configuration
JWT tokens, password hashing, and session management are handled for you. No security plugins to install or configure.
JWT Tokens
15-minute access tokens with 7-day refresh tokens. Automatic rotation prevents stale sessions.
bcrypt Hashing
Passwords are hashed with bcrypt before storage. Plain text is never written to the database.
HttpOnly Cookies
Tokens stored in HttpOnly cookies — inaccessible to JavaScript and protected against XSS.
Multi-View Switching
Users with multiple roles switch views without re-authenticating. Session stays secure.
Abuse prevention at every endpoint
Global and per-endpoint rate limits protect your account from brute-force attacks, credential stuffing, and API abuse.
Enforced Limits
Global API: per-IP baseline protection
Login: prevents credential stuffing
Registration: prevents mass account creation
Password Reset: prevents reset abuse
Approval Links: Redis-backed per-token limiting
Every input validated, every output sanitized
DTOs enforce strict type checking on every request. Unknown properties are rejected. Inputs are validated before they reach business logic.
DTO Type Checking
Every endpoint validates request bodies with class-validator decorators. Invalid data is rejected before reaching business logic.
Whitelist Mode
Unknown properties in request bodies are automatically rejected. Only expected fields are accepted.
Server-Side Input Validation
All user-submitted content is validated with class-validator on every endpoint. Type checking, length limits, and format constraints prevent malicious payloads from reaching the database.
Email Normalization
All email fields are lowercased and trimmed automatically, preventing duplicate accounts from capitalization differences.
CORS Configuration
Cross-origin requests are restricted by environment. Credentials, rate-limit headers, and preflight caching are configured per deployment.
Soft Delete for Compliance
Deleted records are preserved with timestamps for audit trails and regulatory compliance. Eight models support soft delete.
Know exactly who did what, and when
Twenty event types tracked automatically — logins, password changes, role assignments, account lifecycle events. Each entry captures the actor, target, IP address, and old/new values.
Recent Audit Events (sample entries)
sarah@precisionplumbing.com via Chrome on macOS
mike@precisionplumbing.com changed from Technician to Dispatcher
unknown@example.com — invalid credentials (3rd attempt)
john@precisionplumbing.com deactivated by sarah@precisionplumbing.com
See how Pillar protects your data
Schedule a demo and we will walk through the security architecture — data isolation, role controls, audit logging, and how it all works in practice.