Security & data isolation
Noviq is multi-tenant software built on the assumption that your roster, hours and pay data are sensitive. The short version: workspaces are isolated, writes are server-side and audited, and your data stays yours.
Per-workspace isolation
Each workspace lives on its own subdomain and its own data scope. Members of one workspace cannot read another's data; inside a workspace, role gates (employee / finance / manager / admin) scope what each person sees.
Sign-in done once, properly
Authentication runs on Firebase Auth at a single canonical origin. Sessions ride a scoped cookie; workspace subdomains never handle credentials directly.
Server-side writes with an audit log
Browsers cannot write to the database directly — every change goes through a server action that checks the caller’s role and records an audit entry: who, what, when. Free-text content is redacted from the log.
Your data stays yours
If a plan lapses, the workspace becomes read-only — nothing is deleted. Timesheets and decided leave are retained as statutory wage records; you can export your data at any time, and employees can always export their own timesheet.
Privacy & compliance
A signed DPA, a public subprocessor list, cookie consent that defaults to off, and an accessibility statement targeting WCAG 2.1 AA (IS 5568) — the paperwork lives on the legal pages, versioned, in both languages.