TARE wordmark

Security

Security overview for evidence-sensitive lab records.

TARE is built for workflows where record integrity, operator attribution, tenant isolation, and reviewability matter. This page summarizes the security model at a buyer-review level; detailed questionnaires and packet artifacts are handled through the security packet path.

Request security packetReport a vulnerability

Security philosophy

TARE treats lab records, samples, evidence attachments, AI-assisted content, and exports as sensitive operational records. The platform favors least privilege, explicit review gates, tenant scoping, and auditability over broad automation claims.

  • Least-privilege access
  • Human review before official record entry
  • Tenant-scoped application queries
  • Audit-first mutation design

Authentication and authorization

The application uses authenticated user sessions, organization/workspace context, and role-based permissions for dashboard access and tenant-bound workflows. Sensitive access paths should be reviewed against the customer's configured roles and SOPs.

  • Email OTP / magic-link oriented auth
  • RBAC roles in app surfaces
  • Organization-scoped data access
  • Admin settings for team and access review

Tenant isolation and audit logging

Tenant-bound routes should enforce server-side organization, workspace, sample, or entity scoping. State-changing workflows that affect records, evidence, samples, billing, access, or compliance context should preserve audit/provenance evidence.

  • Tenant filters on server-side data paths
  • Secure audit events for critical mutations
  • Custody and evidence history where supported
  • Download/upload audit expectations

Sample audit and custody timeline

A redacted example custody timeline shows the kind of operator, record, attachment, hash, and review context a security or QA reviewer should expect to evaluate. It is an illustrative artifact, not a customer attestation.

Download sample custody timeline

Data storage and file handling

Attachments and exports are treated as part of the record context. Hashes and signed bundles can help detect tampering in represented data, but they do not prove scientific truth, workflow completeness, or compliance by themselves.

  • Attachment metadata
  • Hash context
  • Signed export bundles
  • Customer retention and validation responsibility

Monitoring and incident response

Operational incident response depends on deployment configuration, provider availability, and customer support scope. Request the security packet for the current incident-response summary and security-review artifacts.

  • Security packet request path
  • Vulnerability disclosure policy
  • Warrant canary
  • Privacy and data-processing pages