Security & Trust

We take security seriously. Tickets by Sam-Antics includes practical safeguards to protect access, keep data separated by organization, and ensure actions are traceable.

Data & Attachments

Strict Organization Separation

Data is scoped by organization so users only access the records that belong to their district.

Secure Attachments

Attachments have size limits and are protected by permission checks. Only authorized users can preview or download files.

Audit Trail

Key ticket actions and changes are logged, helping teams review what happened and when.

Secure Hosting (HTTPS)

Traffic is served over HTTPS. Additional protections are provided at the hosting level by the platform environment.

Access Control

Role-Based Permissions

Permissions are based on role (End User, Agent, Organization Admin, App Admin, Superuser) so access stays aligned with responsibilities.

Service Area Isolation

Agents only see tickets within their assigned service areas (Technology or Facilities). This prevents unrelated teams from accessing tickets outside their operational scope.

Session Timeout

Inactive sessions automatically expire to reduce risk on shared or unattended devices.

Password Security

Passwords use secure hashing and validation rules. Admins can require a password change when needed.

Google Sign-In (Optional)

Supports Google Workspace sign-in for districts that prefer single sign-on.

Application Security

CSRF protections are enabled to help prevent common web attacks.
HTTPS enforcement is enabled (served through the hosting platform's HTTPS layer).
Secrets are stored as environment variables (not hardcoded in the codebase).
Administrative actions are restricted by role.

Menu