Security

Security controls for a practical procurement MVP.

ProcureDesk PK uses simple, auditable controls suitable for the MVP workflow. Production deployments should add organization-specific policies, backups, monitoring, and storage controls.

Email and password authentication with hashed passwords

Signed HTTP-only session cookies for dashboard access

Role-based access for Admin, Requester, Procurement Officer, and Approver

Secure tokenized quote links for vendor quotation submission

Server-side validation with Zod for core forms and quote submissions

Activity logging for important procurement actions

Database-backed audit history for approvals and quotation decisions