Security & Trust
OhioMade handles real businesses, real people, real payroll records, real infrastructure access, real documents, real inventory, real billing, and real operational history. Security is not a slogan here — it is the foundation of how the platform is structured.
The core rule is simple: OhioMade owns the identity layer. Businesses authorize relationships. That means people keep their identity, while businesses control what each person can access inside a specific business context.
Platform security model
Identity sovereignty
A person’s OhioMade identity survives business changes. Businesses do not own users. Businesses authorize memberships, roles, scopes, and realm access for the relationship they control.
Identity v2 at the center
One identity system powers authentication, sessions, business context, realm access, scopes, memberships, and cross-app continuity. Apps do not create shadow login systems.
Business-context isolation
Every operational request must know which business context is active. Business IDs and ownership context prevent one business from leaking into another, even when one user belongs to multiple businesses.
Realm-based access
Payroll, Workforce, PaperTrail, VPN, Billing, Reports, Community, Webmail, and other systems are treated as realms. Realm access controls entry, while scopes control what a user can do.
Least-privilege scopes
Access is not based only on “admin” or “owner.” OhioMade is moving toward scope-aware authority so users receive only the permissions needed for their role and operational task.
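The decision order described above (active business context, then realm access, then scope) can be sketched as follows. This is an added illustration, not OhioMade's code; the `Membership` and `Identity` structures, the business IDs, and scope names such as `payroll.run` are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical data model: one identity, one membership per business.
@dataclass(frozen=True)
class Membership:
    business_id: str
    realms: frozenset   # realms this membership may enter
    scopes: frozenset   # actions allowed once inside a realm

@dataclass
class Identity:
    user_id: str
    memberships: dict = field(default_factory=dict)  # business_id -> Membership

def authorize(identity, active_business_id, realm, scope, record_business_id):
    """Return (allowed, reason). Checks run from the widest boundary inward."""
    m = identity.memberships.get(active_business_id)
    if m is None:
        return False, "no membership in active business"
    # Business-context isolation: the record must belong to the ACTIVE
    # business, even if the user is also a member of the record's owner.
    if record_business_id != active_business_id:
        return False, "record belongs to another business"
    if realm not in m.realms:
        return False, "realm access not granted"
    if scope not in m.scopes:
        return False, "scope not granted"
    return True, "ok"

# Constructed sample: one person with different authority in two businesses.
alice = Identity("u1", {
    "biz_a": Membership("biz_a", frozenset({"payroll", "workforce"}),
                        frozenset({"payroll.view", "payroll.run"})),
    "biz_b": Membership("biz_b", frozenset({"workforce"}),
                        frozenset({"workforce.view"})),
})

if __name__ == "__main__":
    for args in [
        ("biz_a", "payroll", "payroll.run", "biz_a"),      # allowed
        ("biz_b", "payroll", "payroll.view", "biz_b"),     # realm denied
        ("biz_b", "workforce", "workforce.view", "biz_a"), # cross-business
    ]:
        print(args, authorize(alice, *args))
```

The third case is the one that matters for multi-business users: the caller is a legitimate member of both businesses, and the request is still denied because the record is outside the active context.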
Session-aware operations
Operational actions are tied to authenticated sessions and active user identity. This supports accountability across app switching, AI assistance, admin actions, and business-scoped workflows.
Sensitive records and onboarding
PaperTrail owns documents
Payroll does not become the storage bucket for every sensitive file. Identity documents, onboarding forms, W-4, I-9, W-9, and verification files belong in PaperTrail where review, approval, and audit history can be controlled.
Payroll readiness gate
Employees do not move into payroll processing just because a name exists. Payroll readiness depends on approved onboarding records, active worker status, pay settings, and valid time or pay data.
Workforce bridge layer
Workforce connects Identity, PaperTrail, and Payroll. It tracks worker state, operational readiness, timesheets, approvals, and whether a person is ready for downstream payroll execution.
Data minimization
Sensitive information should only live where it belongs. Payroll receives the approved status and minimum fields needed to pay correctly, while document-heavy records stay in PaperTrail.
Controlled review states
Onboarding and document workflows support submitted, approved, missing, rejected, and resubmission states so the platform can explain why someone is or is not ready for the next operational step.
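The payroll readiness gate and the review states above can be combined into a check that returns the reasons a worker is blocked. This is an added sketch, not OhioMade's code; the `Worker` fields, the required-document list, and the use of approved hours as the "valid time or pay data" signal are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: which onboarding records are required is a policy choice;
# this pair is illustrative only.
REQUIRED_DOCS = ("W-4", "I-9")

@dataclass
class Worker:
    name: str
    status: str                # hypothetical values: "active", "inactive"
    doc_states: dict           # document name -> review state from PaperTrail
    pay_rate: Optional[float]  # pay settings
    approved_hours: float      # approved time for the pay period

def payroll_blockers(w):
    """Return human-readable blockers; an empty list means payroll-ready.

    Only review states cross into this check, never the documents
    themselves, which matches the data-minimization rule on this page.
    """
    blockers = []
    if w.status != "active":
        blockers.append(f"worker status is {w.status}")
    for doc in REQUIRED_DOCS:
        # Anything other than "approved" fails closed, including a record
        # that was never submitted or a state this code does not know.
        state = w.doc_states.get(doc, "missing")
        if state != "approved":
            blockers.append(f"{doc} is {state}")
    if w.pay_rate is None or w.pay_rate <= 0:
        blockers.append("pay settings incomplete")
    if w.approved_hours <= 0:
        blockers.append("no approved time for this period")
    return blockers

# Constructed sample workers.
READY = Worker("Ana", "active",
               {"W-4": "approved", "I-9": "approved"}, 22.5, 38.0)
BLOCKED = Worker("Ben", "active",
                 {"W-4": "approved", "I-9": "rejected"}, None, 0.0)

if __name__ == "__main__":
    for w in (READY, BLOCKED):
        print(w.name, payroll_blockers(w) or "ready")
```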
Audit-ready onboarding
The onboarding pipeline is designed to preserve who submitted, who reviewed, what was missing, what was approved, and when the worker became ready for Workforce or Payroll.
Billing, entitlements, and infrastructure
Entitlement-aware access
OhioMade does not treat payment as separate from access. Billing state, subscriptions, device limits, seat limits, and service ownership can determine whether a realm or infrastructure service is active.
Person-owned services
Some services can belong directly to the person, not a business. Personal VPN proves this model by attaching access to the OhioMade identity rather than a business account.
Business-owned services
Businesses can also own services such as VPN, Webmail, Community, Workforce, Payroll, Reports, and infrastructure bundles. Access is scoped to the active business relationship.
VPN as security proof
OhioMade VPN proves real infrastructure enforcement: WireGuard devices, personal and business scopes, device limits, QR/config downloads, subscription checks, and auditable device actions.
Stripe-ready commercial layer
The commercial layer is designed to support checkout, subscriptions, transactions, billing ownership, invoice history, and entitlement state without breaking the identity model.
Infrastructure isolation
Infrastructure services are separated by scope and ownership. A personal VPN device is not the same as a business VPN device, and the platform treats those differences as security boundaries.
Operational AI security
Business-aware AI
OhioMade AI is scoped to the active business. A question asked inside one business context should not expose records, employees, billing, documents, or operational state from another business.
Realm-aware AI
AI assistance changes by realm. Payroll questions, Workforce questions, PaperTrail questions, Billing questions, and VPN questions should resolve through the correct operational context.
Resolver-first answers
Operational AI should prefer trusted platform resolvers for known business questions instead of inventing generic answers. Real records should drive answers when the system can resolve them safely.
Access-aware responses
AI should respect the same business context, realm access, and scope rules as the rest of OhioMade. Assistant output must not become a shortcut around authorization.
Operational explanation
The assistant is designed to explain readiness, blockers, missing records, payroll state, onboarding status, and business operations without exposing data outside the active scope.
Human-controlled actions
AI can help explain and guide operations, but sensitive actions should remain protected by explicit permissions, confirmations, POST requests, CSRF checks, and audit logs.
Operational trust controls
Audit-friendly by default
Important actions should answer: who did it, what business it affected, what realm it happened in, what changed, and when it happened.
POST-only sensitive actions
Sensitive workflows should avoid destructive GET actions. Create, update, approve, import, revoke, delete, and status-change actions should use POST with CSRF protection.
CSRF protection
Business actions should use CSRF tokens so authenticated users cannot be tricked into submitting operational changes from another page.
Shared mail trust
Transactional email is centralized through OhioMade shared mail helpers and routed through the confirmed Postfix and Amazon SES pipeline for consistent branded operational communication.
Mobile-safe security
Security has to work on the device operators actually use. OhioMade uses mobile-first layouts, iOS-safe inputs, tap-safe controls, and shared hardening to reduce mistakes during real operations.
Smaller blast radius
Realms are separated by design. This keeps responsibilities clear, reduces accidental cross-system damage, and makes the platform easier to audit and maintain.
Built for real operators
Security that only works in a boardroom does not survive on the retail floor. OhioMade is built for operators who need strong controls without slowing down daily business.
The platform goal is practical security: identity stays clean, businesses stay isolated, sensitive documents stay in the right system, payroll stays gated, infrastructure access stays entitled, AI stays scoped, and important actions leave an audit trail.