We secure every User account and action on dealhead with layered authentication protocols, strict access controls, and continuous monitoring. From registration to account retirement, every step is designed to ensure that only the right Users have the right level of access.
Authentication and Identity Verification
Our authentication system ensures that only verified Users can access the platform. This includes:
Invitation-only registration with unique email links validated before sign-up
Automatic expiration of unused invitations
Mandatory multi-factor authentication (MFA) during first login and for sensitive actions
Session controls that expire sign-in tokens after 24 hours and require re-authentication for high-risk operations
IP-based anomaly detection to identify suspicious login activity
Password and Recovery Policies
We enforce strong password requirements: a minimum of 12 characters, with a mix of letters, numbers, and symbols. Account recovery is handled through a verified backup email or administrator-assisted identity check, ensuring that only legitimate Users can regain access.
Continuous Monitoring and Auditing
The platform is monitored in real time to detect unusual activity across authentication and access layers. Security operations include:
Quarterly penetration testing to identify and address vulnerabilities
Automated alerts for high-risk login patterns
Full audit logs for authentication events, permission changes, and account removals
Role-Based Access Control
Access permissions are tied to specific roles to prevent unauthorized changes:
Team Captains can add or remove members, assign roles, manage permissions, and control publishing
Regular Members can remove themselves from Teams (unless they are the last remaining Team Captain)
This ensures that elevated privileges are only available to those with explicit responsibility.
Publishing-Based Access
Publishing-Based Access allows granular control over who can see and interact with a Project:
Default Access — When a Project is created, it is shared only with Users in the same Organization/Firm as the creator.
Expanding Access Within a Team — A Team Captain User can share the Project with other Organizations that are part of the same Team.
Cross-Team Access — When appropriate, a Team Captain User can share the Project with another Team on the same Project.
At every stage, publishing changes are intentional, require confirmation, and are logged for audit purposes. This ensures that Project visibility grows only when explicitly approved.
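The three publishing tiers above can be modelled as a deny-by-default visibility check plus a single, audited publishing operation. This is an added illustration, not dealhead's own code. The names (User, Project, TEAMS, can_view, publish), the sample Organizations, and the rule that only a Team Captain of the owning Team may publish are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data: which Organizations sit on which Team of one Project.
TEAMS = {"buy-side": {"acme.example", "counsel.example"},
         "sell-side": {"target.example"}}
AUDIT_LOG = []  # every publishing attempt is recorded, whether allowed or refused

@dataclass
class User:
    org: str
    team: str
    is_captain: bool = False

@dataclass
class Project:
    owner_org: str                 # Organization of the creator
    team: str                      # Team that Organization belongs to
    shared_orgs: set = field(default_factory=set)
    shared_teams: set = field(default_factory=set)

def can_view(user, project):
    """Deny by default; allow only through one of the three publishing tiers."""
    if user.org == project.owner_org:                      # default access
        return True
    if user.team == project.team and user.org in project.shared_orgs:
        return True                                        # shared within the Team
    return user.team in project.shared_teams               # cross-Team share

def publish(actor, project, *, org=None, team=None, confirmed=False):
    """Widen visibility to one Organization or one Team; returns True if applied."""
    target = org or team
    allowed = (
        actor.is_captain and actor.team == project.team    # assumed: captain of owning Team
        and confirmed                                      # explicit confirmation step
        and (org is None) != (team is None)                # exactly one target per change
        and (org in TEAMS[project.team] if org
             else team in TEAMS and team != project.team)  # target must fit its tier
    )
    if allowed:
        (project.shared_orgs if org else project.shared_teams).add(target)
    AUDIT_LOG.append({"actor_org": actor.org, "target": target, "allowed": allowed})
    return allowed
```

Refused attempts are logged alongside successful ones, so the audit trail shows who tried to widen visibility as well as who did.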
User Removal and Lifecycle Management
Account removal procedures are designed to preserve security and maintain necessary records:
Users with no Project history are fully deleted
Previously active Users are marked as “Removed” to preserve an audit trail while revoking access
The last remaining Team Captain must assign a successor before leaving a Team
Organization and Team Structure
Each User belongs to a single Organization, determined by their verified email domain. Public email addresses (e.g., generic webmail) create single-User Organizations. Users cannot hold memberships in multiple Teams on the same Project, preventing cross-Team data exposure.
