fig. 1 — security

Built like infrastructure. Treated like it.

PMOlikePRO is built by RAQIOM, whose founder comes from information security — and it shows in the defaults. Security here is not a checkbox page; it is how the system is shaped.

S-01

Tenant isolation

Every organization is a separate tenant. Row-level policies at the database enforce the boundary on every read and write — the interface is never the only guard.

S-02

Enforceable MFA

TOTP two-factor authentication for every account, and organizations can require it outright — un-enrolled accounts are held at the door.

S-03

Role-scoped access

Admin, manager, member, viewer — each role receives only its slice of the data. Members cannot read other teams’ projects or anyone’s rates; the data is simply never sent.

S-04

Server-side financial gating

Rates, budgets and costs exist server-side and are delivered only to manager and admin sessions — never shipped to a browser and merely hidden.

S-05

Audit trail

Sign-ins, permission changes and destructive operations are recorded. Business-tier organizations can export audit history.

S-06

Hardened entry points

Bot-challenged sign-in, rate-limited APIs, strict security headers and content-security policies on the web surfaces.

S-07

Encryption in transit & at rest

TLS on every connection, HSTS on every domain, and storage encrypted at rest on audited cloud infrastructure.

S-08

Data lifecycle

Archival keeps finished work reportable without bloating the active set; exports keep your data yours. Deletion means deletion, on request.

// responsible disclosure

Found something? Tell us first.

Report vulnerabilities to security@pmolikepro.com — see security.txt. Good-faith research is welcome; expect an acknowledgment within one business day.

on the road to launch: independent security review and a public status page are part of the launch program — this page states what is true today, not what a brochure wishes. Questions: contact@pmolikepro.com