Security

Our Approach to Security

How Thinkbench protects customer data, platform integrity, and operational systems.

Overview

Security is a core operational concern for Thinkbench. Our platform processes sensitive procurement, supplier, and commercial data on behalf of our customers, and we take the responsibility of protecting that data seriously.

As a growing software company, our security posture continues to mature. This page reflects our current practices and commitments — we update it as our platform evolves.


Authentication and Access Control

Platform access is governed by authentication and role-based authorisation controls:

  • User authentication is required for all platform access
  • Role-based access controls restrict data and functionality by user role and account scope
  • Administrative access to production systems is limited and controlled
  • Sessions are time-limited and invalidated on logout or credential change

Multi-Tenant Data Isolation

Customer data is logically isolated between tenants at the application layer. All data queries and access paths are scoped to the authenticated tenant, preventing cross-tenant data access.

Data isolation is enforced in application code and validated as part of the development process for all data-access changes.
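As an added illustration of the tenant-scoping pattern described above (example code written for this page, not Thinkbench's own implementation), the following Python module keeps two tenants' supplier records in one table and routes every read through functions that always carry the authenticated tenant's predicate. The tenant identifier comes from the authenticated request context, never from user input, and a small development-time guard refuses to execute any suppliers query that lacks the tenant predicate. The table layout, sample rows and `RequestContext` type are constructed for the example.

```python
import sqlite3
from dataclasses import dataclass
from typing import Optional

# Constructed schema: one shared table, rows tagged with their owning tenant.
SCHEMA = """
CREATE TABLE suppliers (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    name      TEXT NOT NULL
);
"""

# Constructed sample rows for two tenants.
SAMPLE_ROWS = [
    (1, "tenant-a", "Acme Steel"),
    (2, "tenant-a", "Bolt Co"),
    (3, "tenant-b", "Cape Logistics"),
]


@dataclass(frozen=True)
class RequestContext:
    """Identity established by authentication. tenant_id is set by the
    auth layer from the session, never parsed from a request parameter."""
    user_id: str
    tenant_id: str


def open_sample_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO suppliers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def is_tenant_scoped(sql: str) -> bool:
    """True if the statement carries a bound tenant predicate."""
    return "tenant_id = ?" in sql


def assert_tenant_scoped(sql: str) -> str:
    """Development-time guard: a suppliers query without a tenant
    predicate is a bug, so refuse to run it rather than leak rows."""
    if not is_tenant_scoped(sql):
        raise ValueError("query is not tenant-scoped: " + sql)
    return sql


def list_suppliers(conn: sqlite3.Connection, ctx: RequestContext) -> list:
    """All suppliers visible to the caller's tenant, and only that tenant."""
    sql = assert_tenant_scoped(
        "SELECT id, name FROM suppliers WHERE tenant_id = ? ORDER BY id"
    )
    return [{"id": r[0], "name": r[1]} for r in conn.execute(sql, (ctx.tenant_id,))]


def get_supplier(conn: sqlite3.Connection, ctx: RequestContext,
                 supplier_id: int) -> Optional[dict]:
    """Single-record lookup. Because the tenant predicate is always present,
    an id belonging to another tenant yields None rather than that tenant's data."""
    sql = assert_tenant_scoped(
        "SELECT id, name FROM suppliers WHERE tenant_id = ? AND id = ?"
    )
    row = conn.execute(sql, (ctx.tenant_id, supplier_id)).fetchone()
    return None if row is None else {"id": row[0], "name": row[1]}


if __name__ == "__main__":
    db = open_sample_db()
    print(list_suppliers(db, RequestContext("u1", "tenant-a")))
    print(get_supplier(db, RequestContext("u2", "tenant-b"), 1))  # None: id 1 is tenant-a's
```

The single-record lookup is the case worth noting: scoping only the list endpoint while letting a by-id endpoint accept any record number is the usual way cross-tenant access slips through, so the tenant predicate belongs on every read path, including lookups that already have a unique key.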


Encryption

  • All data in transit is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using platform-managed encryption provided by the hosting infrastructure
  • Sensitive configuration values and credentials are managed through secure environment and secrets management tooling, not stored in source code

Audit Logging

Key platform operations — including user authentication, data access, uploads, and workflow actions — are logged to support auditability, troubleshooting, and security monitoring. Logs are retained and protected from unauthorised modification.


Upload and File Controls

The platform supports user-uploaded files, including spreadsheets and procurement documents. Upload handling includes:

  • File type validation and size limits
  • Tenant-scoped storage isolation
  • Processing in controlled server-side environments
  • No direct execution of uploaded content
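As an added illustration of the first three upload controls listed above (example code written for this page, not Thinkbench's own upload handler), the following Python module checks an upload's size, requires the file extension and the leading bytes of the content to agree on an allowed document type, and derives a tenant-prefixed storage key from the content hash rather than from the user-supplied filename. The allowed-type table, the size limit and the sample byte strings are constructed for the example; the page states only that a limit and type validation exist.

```python
import hashlib
import os
import posixpath

# Assumed limit for the example; the page does not state Thinkbench's actual value.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024

# Allowed document types: extension -> leading magic bytes.
# .xlsx is a ZIP container, so it starts with the ZIP local-file header.
# .csv has no magic; it is checked for UTF-8 decodability instead.
ALLOWED_TYPES = {
    ".xlsx": b"PK\x03\x04",
    ".csv": None,
    ".pdf": b"%PDF-",
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the reason is safe to log."""


def check_upload(filename: str, data: bytes, max_bytes: int = MAX_UPLOAD_BYTES) -> str:
    """Return the accepted extension or raise UploadRejected.

    The declared name and the actual content must agree: an executable
    renamed to .xlsx is rejected because its bytes do not start with the
    ZIP header."""
    if len(data) > max_bytes:
        raise UploadRejected("file exceeds size limit")
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("file type not permitted")
    magic = ALLOWED_TYPES[ext]
    if magic is not None and not data.startswith(magic):
        raise UploadRejected("content does not match declared type")
    if magic is None:
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            raise UploadRejected("csv is not valid text")
    return ext


def is_acceptable(filename: str, data: bytes, max_bytes: int = MAX_UPLOAD_BYTES) -> bool:
    """Boolean convenience wrapper around check_upload."""
    try:
        check_upload(filename, data, max_bytes)
        return True
    except UploadRejected:
        return False


def storage_key(tenant_id: str, filename: str, data: bytes) -> str:
    """Tenant-scoped object key for a validated upload.

    The stored name is the SHA-256 of the content plus the accepted
    extension, so path separators or traversal sequences in the user's
    filename never reach the storage layer, and every key sits under the
    caller's tenant prefix."""
    ext = check_upload(filename, data)
    digest = hashlib.sha256(data).hexdigest()
    return posixpath.join("uploads", tenant_id, digest + ext)


if __name__ == "__main__":
    # Constructed sample payloads.
    xlsx = b"PK\x03\x04" + b"\x00" * 32
    print(storage_key("tenant-a", "suppliers.xlsx", xlsx))
    print(is_acceptable("suppliers.xlsx", b"MZ" + b"\x00" * 32))  # False
```

The validated bytes are only ever written to storage and handed to a server-side parser; nothing here executes or renders the upload, which is what the fourth control above requires.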

Infrastructure and Hosting

Thinkbench platforms are hosted on reputable cloud infrastructure providers with established security certifications and compliance programmes.

Production and development environments are separated. Access to production infrastructure is restricted to authorised personnel.


Secure Development Practices

  • Code changes are reviewed before deployment to production
  • Dependencies are monitored and updated to address known vulnerabilities
  • Common web application vulnerabilities (OWASP Top 10) are considered during development
  • Input validation and output encoding are applied at system boundaries
  • Secrets and credentials are never committed to source control

Incident Response

In the event of a confirmed security incident affecting customer data, Thinkbench will:

  • Investigate and contain the incident promptly
  • Notify affected customers in accordance with applicable legal obligations
  • Take reasonable steps to prevent recurrence
  • Document and review the incident to improve our response capability

South African data breach notification obligations under POPIA will be observed where applicable.


Responsible Disclosure

If you believe you have discovered a security vulnerability in our platform or website, we ask that you report it to us privately so we can investigate and address it promptly.

Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and remediate. We will acknowledge your report and work with you in good faith.

Report security issues via our contact page, noting “Security Disclosure” in the subject line.

Contact

Security questions or concerns may be directed to:

Last Updated: 24 May 2026