fig. 1 — security
Built like infrastructure. Treated like it.
PMOlikePRO is built by RAQIOM, whose founder comes from information security — and it shows in the defaults. Security here is not a checkbox page; it is how the system is shaped.
S-01
Tenant isolation
Every organization is a separate tenant. Row-level policies at the database enforce the boundary on every read and write — the interface is never the only guard.
S-02
Enforceable MFA
TOTP two-factor authentication for every account, and organizations can require it outright — un-enrolled accounts are held at the door.
S-03
Role-scoped access
Admin, manager, member, viewer — each role receives only its slice of the data. Members cannot read other teams’ projects or anyone’s rates; the data is simply never sent.
S-04
Server-side financial gating
Rates, budgets and costs exist server-side and are delivered only to manager and admin sessions — never shipped to a browser and merely hidden.
S-05
Audit trail
Sign-ins, permission changes and destructive operations are recorded. Business-tier organizations can export audit history.
S-06
Hardened entry points
Bot-challenged sign-in, rate-limited APIs, strict security headers and content-security policies on the web surfaces.
S-07
Encryption in transit & at rest
TLS on every connection, HSTS on every domain, and storage encrypted at rest on audited cloud infrastructure.
S-08
Data lifecycle
Archival keeps finished work reportable without bloating the active set; exports keep your data yours. Deletion means deletion, on request.
// responsible disclosure
Found something? Tell us first.
Report vulnerabilities to security@pmolikepro.com — see security.txt. Good-faith research is welcome; expect an acknowledgment within one business day.
on the road to launch: independent security review and a public status page are part of the launch program — this page states what is true today, not what a brochure wishes. Questions: contact@pmolikepro.com