Security

Security you can explain

This page keeps it simple: what we do, how it helps, and where the boundaries are.

Trust in the log

A record you can trust

At live events, the log is the record. It is what you use for debriefs, audits, and the hard questions after the fact.

Shamira focuses on trust in that record: clear attribution, session tracking, and a history you can explain when it matters.

Risk-based security

Security should match real-world risk. Our users work in controlled backstage areas with physical security, so we focus on accountability, audit trails, and safe defaults.

Backups you can trust

Data is backed up continuously and streamed to off-site object storage. In simple terms: changes are copied out as they happen, so recovery is fast and dependable.

Clear operator trails

Shared workstations still need accountability. Operator sessions and unlocks are logged so you can trace activity by person and shift.

Defense-in-depth

Security that fits the field

Backstage operations already include gates, credentialed staff, and on-site security leadership.
Shamira adds software controls on top of that reality.
Incident attribution stays clean when you need it for debriefs, reports, or audits.

What we do today

Controls in production

Access controls

  • Single sign-on for staff.
  • Single-use login links sent by email.
  • Short-lived QR login tokens (single use).
  • API tokens stored as digests.

Operational safety

  • Idle lock overlay after inactivity.
  • Operator PIN lockout after failed attempts.
  • Admin reset of operator PINs.
  • Operator sessions logged for audit review.

Operational documents

  • Store and embed critical documents in context.
  • Security plans, gas/fire certificates, and permits.
  • Keep the operational record complete for debriefs.

Sensitive incidents

  • Break-glass access for sensitive incidents.
  • Similar to healthcare journals: protected from curious eyes.
  • Access is deliberate and auditable.

Guided by standards

Guided by these frameworks in how we run security.

NIST SP 800-63B
OWASP ASVS
SOC 2 TSC
ISO 27001
PCI DSS (if in scope)
GDPR Article 32

Security partnership

Want a deeper walkthrough or a tailored control map? Happy to share the details.

Talk to us