Self-Hosted Architecture

Your data stays on servers you own and control. We never have access to your operational data, form submissions, or user information.

Data Sovereignty

Keep your data in your jurisdiction. Meet Canadian PIPEDA, provincial privacy laws, and US state requirements by controlling where your data resides.

Complete Audit Trail

Every action is logged with timestamps and user attribution. Demonstrate compliance with immutable records.

Built-in protection at every layer

Authentication & Access Control

  • Secure password hashing

    Passwords are hashed using bcrypt with industry-standard salt rounds

  • Role-based access control (RBAC)

    Granular permissions ensure users only access what they need

  • Session management

    Secure session tokens with configurable expiration and automatic logout

  • SSO integration

    Support for Single Sign-On with your existing identity provider

  • Multi-factor authentication (MFA)

    Optional MFA for additional account security

Data Protection

  • Encryption in transit

    All data transmitted using TLS 1.2+ encryption

  • Encryption at rest

    Database encryption supported for sensitive data fields

  • Secure file storage

    Uploaded files stored with access controls and optional encryption

  • Data isolation

    Complete separation between different departments and user groups

  • Backup & recovery

    Built-in backup tools with point-in-time recovery capabilities

Audit & Compliance

  • Complete audit logging

    Track every form submission, approval, edit, and user action

  • Tamper-proof records

    Immutable audit trails with cryptographic verification

  • Chain of custody

    Full history of who accessed, modified, or approved each record

  • Retention policies

    Configurable data retention to meet regulatory requirements

  • Export capabilities

    Generate compliance reports for auditors in multiple formats

Application Security

  • Input validation

    All user inputs are validated and sanitized to prevent injection attacks

  • CSRF protection

    Cross-Site Request Forgery tokens on all state-changing operations

  • XSS prevention

    Content Security Policy and output encoding prevent script injection

  • SQL injection protection

    Parameterized queries and ORM usage prevent database attacks

  • Security headers

    HSTS, X-Frame-Options, and other headers configured by default

Network & Infrastructure

  • Firewall recommendations

    Deployment guides include firewall configuration best practices

  • Minimal attack surface

    Only necessary ports and services exposed by default

  • Offline capability

    Mobile apps work offline, reducing network exposure

  • Secure updates

    Signed software updates to prevent tampering

  • Deployment flexibility

    Run behind your existing VPN, proxy, or security appliances

User Security

  • Password policies

    Configurable password complexity and expiration requirements

  • Account lockout

    Automatic lockout after failed login attempts

  • User provisioning

    Centralized user management with quick deprovisioning

  • Activity monitoring

    Track user logins and actions, and detect anomalies

  • Secure mobile access

    Mobile apps with secure local storage and session management

Designed for regulatory requirements

Varda Forms helps you meet occupational health and safety regulations, privacy laws, and industry standards across Canada and the USA.

Occupational Health & Safety

  • WorkSafeBC
  • Alberta OHS
  • Saskatchewan WCB
  • Manitoba WSHC
  • Ontario OHSA
  • OSHA (USA)

Privacy & Data Protection

  • PIPEDA (Canada)
  • Provincial privacy laws
  • CCPA (California)
  • State privacy laws (USA)
  • GDPR (if applicable)

Industry Standards

  • COR (Certificate of Recognition)
  • SECOR
  • ISNetworld
  • ComplyWorks
  • Avetta

Documentation Requirements

  • Complete audit trails
  • Chain of custody
  • Retention policies
  • One-click exports
  • Digital signatures

Why self-hosted is more secure

With cloud-based solutions, your safety records, employee information, and operational data live on servers controlled by third parties. With Varda Forms:

  • Your data never leaves your network

    Form submissions, employee records, and attachments stay on your infrastructure

  • No vendor lock-in

    You own your data completely — export everything, anytime

  • No third-party data breaches

    Your security is not dependent on another company's security practices

  • Works behind your firewall

    Integrate with your existing security infrastructure and policies

  • Offline capability

    Field crews can work without internet, reducing attack surface

[Architecture diagram: Your Infrastructure (Varda Forms Server, Your Database, Your File Storage); Your Users (Web, Mobile, Offline)]

Questions about security?

Our team is happy to discuss security requirements, compliance needs, or answer any questions about our architecture.