Security & Compliance

Enterprise-Grade Security

Defense-in-depth with multiple protection layers. ContentAtlas implements security by design—protecting your sensitive financial data through authentication, authorization, transaction safety, and complete audit visibility.

Security Architecture

Six Layers of Protection

Every data migration is protected by multiple security mechanisms working together to ensure data integrity and confidentiality.

| Security Layer | Mechanism | Protection |
| --- | --- | --- |
| Authentication | API key hashing (bcrypt) | Credentials never stored in plaintext |
| Authorization | Organization-level isolation | Multi-tenant data separation |
| Input Validation | Pydantic schemas | Prevents injection attacks |
| Transaction Safety | Atomic operations + table locks | No partial inserts |
| Protected Tables | Deny-list enforcement | System tables inaccessible |
| Audit Trail | Import tracking + rollback history | Complete change visibility |

Authentication

API Key Management

ContentAtlas uses bcrypt hashing for API keys with organization-level isolation for multi-tenant security.

Figure: API key management interface with masked keys. API keys are hashed with bcrypt; credentials are never stored in plaintext.

Transaction Safety

Atomic Insert Pattern

All-or-nothing database operations ensure your data never exists in a partial, corrupted state.

1. Acquire table lock
2. Begin transaction
3. Insert records

Outcome: commit, or rollback if any step fails.

One-Click Rollback

ContentAtlas maintains complete rollback history. Click "Undo Import #12345" to revert all changes atomically.

Figure: Rollback interface showing before/after state. Undo any import with one click, with complete rollback to the previous state.

Atomic Pattern

Transaction Implementation

Python context manager ensures proper lock acquisition and release, with automatic rollback on any failure.

```python
with TableLockManager.acquire(table_name):
    # Begin transaction
    insert_result = insert_records(engine, table_name, records)
    # If ANY step fails, entire transaction rolls back

    # Guarantees:
    # ✓ All-or-nothing inserts
    # ✓ No orphaned partial records
    # ✓ Consistent target state
```

All-or-Nothing Inserts

Every record in a batch succeeds or the entire batch rolls back. Your database is never left in an inconsistent state.

No Orphaned Records

Partial inserts are impossible. Foreign key relationships and table dependencies are maintained atomically.

Consistent Target State

The target database is always in a valid, self-consistent state—ready for production use immediately after import.
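The lock, transaction, commit-or-rollback sequence described above, as an added example that is not ContentAtlas code. It assumes SQLite in place of the real target database, an in-process lock as a stand-in for `TableLockManager`, and a constructed `payments` table and deny-list.

```python
import re
import sqlite3
import threading
from contextlib import contextmanager

PROTECTED_TABLES = {"sqlite_master", "import_history"}   # constructed deny-list
_locks, _locks_guard = {}, threading.Lock()

@contextmanager
def acquire(table_name):
    """Hypothetical stand-in for TableLockManager.acquire: one lock per table."""
    with _locks_guard:
        lock = _locks.setdefault(table_name, threading.Lock())
    with lock:
        yield

def insert_records(conn, table_name, records):
    """Insert every record or none; returns the number of rows committed."""
    # Identifiers cannot be bound as parameters, so validate before interpolating.
    if not re.fullmatch(r"[a-z_][a-z0-9_]*", table_name) or table_name in PROTECTED_TABLES:
        raise ValueError(f"table not allowed: {table_name!r}")
    with acquire(table_name):
        try:
            with conn:   # commits on success, rolls back if the block raises
                conn.executemany(
                    f"INSERT INTO {table_name} (customer_id, amount) VALUES (?, ?)",
                    records,
                )
        except sqlite3.IntegrityError:
            return 0     # rows inserted before the failure were rolled back
    return len(records)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payments (customer_id INTEGER NOT NULL,"
                 " amount REAL NOT NULL CHECK (amount >= 0))")
    bad = [(1, 10.0), (2, -5.0), (3, 7.5)]   # constructed batch; row 2 violates the CHECK
    good = [(1, 10.0), (3, 7.5)]
    first = insert_records(conn, "payments", bad)
    after_bad = conn.execute("SELECT COUNT(*) FROM payments").fetchone()[0]
    second = insert_records(conn, "payments", good)
    after_good = conn.execute("SELECT COUNT(*) FROM payments").fetchone()[0]
    return first, after_bad, second, after_good
```

The first row of the bad batch is inserted before the constraint fails, yet the table is empty afterwards because the whole transaction is rolled back. An in-process lock only serializes writers inside one process; it does not coordinate separate workers or hosts.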

Duplicate Detection

Preventing Accidental Double-Imports

Two-level duplicate detection ensures data integrity at both the file and row level.

File-Level

SHA-256 Fingerprinting

Each uploaded file is fingerprinted using SHA-256 cryptographic hashing. Identical files are immediately flagged as potential duplicates.

```python
import hashlib
file_hash = hashlib.sha256(file_content).hexdigest()
```

The same file cannot be uploaded twice without an explicit force flag.

Row-Level

Uniqueness Columns

Define unique constraint columns to detect matching records even with minor data variations.

```json
{"uniqueness_columns": ["customer_id", "transaction_date"], "update_on_duplicate": true}
```

NULL-safe comparison with configurable merge strategy.
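Both detection levels in one added example (not ContentAtlas code), showing why the row-level match has to be NULL-safe. The `transactions` table, the `register_file` and `import_rows` helpers and the sample rows are assumptions made for the illustration, and SQLite stands in for the target database.

```python
import hashlib
import sqlite3

COLUMNS = ("customer_id", "transaction_date", "amount")   # constructed target schema

def register_file(seen_hashes, file_content, force=False):
    """File level: refuse a byte-identical re-upload unless force is set."""
    file_hash = hashlib.sha256(file_content).hexdigest()
    if file_hash in seen_hashes and not force:
        return None
    seen_hashes.add(file_hash)
    return file_hash

def import_rows(conn, rows, config, null_safe=True):
    """Row level: match on uniqueness_columns, then update or skip duplicates."""
    keys = config["uniqueness_columns"]
    if not set(keys) <= set(COLUMNS):          # column names are interpolated below
        raise ValueError("unknown uniqueness column")
    # In SQL `col = NULL` is never true, so plain equality misses duplicate rows
    # whose key contains NULL. SQLite's IS operator treats NULL as equal to NULL.
    op = "IS" if null_safe else "="
    where = " AND ".join(f"{k} {op} ?" for k in keys)
    stats = {"inserted": 0, "updated": 0, "skipped": 0}
    with conn:                                  # one transaction for the batch
        for row in rows:
            hit = conn.execute(f"SELECT rowid FROM transactions WHERE {where}",
                               [row[k] for k in keys]).fetchone()
            if hit is None:
                conn.execute("INSERT INTO transactions VALUES (?, ?, ?)",
                             [row[c] for c in COLUMNS])
                stats["inserted"] += 1
            elif config.get("update_on_duplicate"):
                conn.execute("UPDATE transactions SET amount = ? WHERE rowid = ?",
                             (row["amount"], hit[0]))
                stats["updated"] += 1
            else:
                stats["skipped"] += 1
    return stats

def demo(null_safe):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE transactions (customer_id, transaction_date, amount)")
    cfg = {"uniqueness_columns": ["customer_id", "transaction_date"],
           "update_on_duplicate": True}
    rows = [{"customer_id": 7, "transaction_date": None, "amount": 10},   # constructed
            {"customer_id": 7, "transaction_date": None, "amount": 12}]
    return import_rows(conn, rows, cfg, null_safe)
```

With `null_safe=True` the second row is recognised as a duplicate and updated; with plain `=` both rows are inserted. In PostgreSQL the equivalent NULL-safe operator is `IS NOT DISTINCT FROM`.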

Data Integrity

Rollback Capabilities

ContentAtlas maintains row-level rollback history, enabling complete undo of any import operation.

| Action | Data Captured | Can Undo? |
| --- | --- | --- |
| Import Insert | Full record | Yes (archive + delete) |
| Update on Duplicate | Before/After values | Yes |
| Value Replacement | Original + Replacement | Yes |
| Validation Correction | Failure + Resolution | Yes |

Audit & Compliance

Audit Trail Dashboard

Every import, validation, and transformation is logged with timestamps, user info, and full record details for compliance auditing.

Figure: Audit dashboard with queryable logs and export options. Complete audit trail with filters, search, and compliance report exports.

Audit & Compliance

Import Tracking Schema

Every import operation is logged with complete metadata for compliance and debugging.

```sql
CREATE TABLE import_history (
    import_id UUID PRIMARY KEY,
    organization_id UUID NOT NULL,
    table_name VARCHAR(255) NOT NULL,
    file_name VARCHAR(500),
    file_hash VARCHAR(64),           -- SHA-256
    records_processed INTEGER,
    records_inserted INTEGER,
    records_updated INTEGER,
    duplicates_found INTEGER,
    duplicates_skipped INTEGER,
    validation_errors INTEGER,
    values_replaced INTEGER,
    started_at TIMESTAMP,
    completed_at TIMESTAMP,
    FOREIGN KEY (organization_id) REFERENCES organizations(id)
);
```

Audit & Compliance

Validation Failure Log

Every validation error is captured with the original record data for post-import review and resolution.

```sql
CREATE TABLE import_validation_failures (
    id SERIAL PRIMARY KEY,
    import_id UUID NOT NULL,
    record_number INTEGER,
    record_data JSONB,
    validation_errors JSONB,
    resolved_at TIMESTAMP,
    resolution_action VARCHAR(50),
    created_at TIMESTAMP DEFAULT NOW()
);
```

Audit Endpoints

Queryable Audit API

RESTful endpoints for accessing import history, validation failures, and rollback operations.

| Endpoint | Method | Purpose |
| --- | --- | --- |
| /import/{id}/validation-failures | GET | List validation errors for review |
| /import/{id}/rollback-all | POST | Revert all changes from import |
| /import/{id}/issues?type=duplicates | GET | Review skipped duplicates |
| /import/{id}/issues?type=value_replacements | GET | Review auto-corrected values |

ContentAtlas keeps inbound data safe. Helm keeps outbound agents gated.

Helm extends your security posture to LLM agents — every API call and MCP tool invocation checked against deterministic policy rules before touching a real system. SOC 2, GDPR, and EU AI Act aligned.

Trust ContentAtlas with Your Sensitive Data

Book a strategy session to discover how ContentAtlas delivers enterprise-grade security for your financial data migration—atomic transactions, complete audit trails, and rollback capabilities.