BlogTarifsDemander une démoTester Eli

Access controls

Executive Summary

Eli implements strict internal access controls to minimize security risks and protect customer data. Our principle of least privilege ensures that team members can only access the minimum systems and data necessary for their role, with comprehensive logging and monitoring of all administrative activities.

Internal Team Access Management

Principle of Least Privilege

  • Role-based access - Team members receive only permissions required for their specific responsibilities

  • Production access restrictions - Limited number of authorized personnel with production system access

  • Time-limited access - Temporary elevated permissions for specific maintenance tasks

  • Regular access reviews - Quarterly audits of team member permissions and access levels

Administrative Access Controls

  • Individual cloud provider accounts for MongoDB Atlas, Vercel, Firebase Console, and GitLab

  • Cloud provider IAM - Each service manages access through their own security systems

  • Multi-factor authentication enforced by cloud providers (Google, MongoDB, etc.)

  • Direct accountability through small team structure and personal account responsibility

Production Environment Security

Database Access Controls

  • MongoDB Atlas managed access with cloud provider security controls

  • Individual developer accounts with MongoDB Atlas authentication

  • Environment separation preventing development access to production data

  • Connection logging through MongoDB Atlas audit features

Application Access Management

  • GitLab-based deployment with code review requirements for production changes

  • Vercel automatic deployments from approved Git branches

  • Environment separation through cloud provider project isolation

  • API key management through individual cloud provider consoles

Data Access Governance

Customer Data Protection

  • Organizational data isolation - Technical barriers preventing cross-customer data access

  • Data minimization - Team members access only data necessary for support or maintenance

  • Anonymization tools for development and testing environments

Audit and Monitoring

  • Complete access logging - All administrative actions recorded with timestamps and user identification

  • Immutable audit trails stored securely for compliance and forensic analysis

For questions about our internal access controls or security procedures, contact: [email protected]

Last Updated: August 2025

PrécédentSecurity frameworkSuivantData protection & backups

Mis à jour