Built to defence requirements. Audited as such.

ARES implements a four-tier role hierarchy with strict data scoping. Each user sees only the records their role and organisational position permit. Multi-factor authentication is mandatory for all users. Session timeouts are enforced. Failed authentication attempts are logged and surfaced to administrators.

Row-level security is enforced at the database layer, not in application code. A bug in the application cannot expose data the database itself refuses to return.

Operational data stays inside the deployment perimeter. ARES deploys on-premise, in sovereign cloud, or in hybrid configurations — chosen by the customer. AES-256 encryption at rest. TLS 1.3 in transit.

In on-premise deployments, ADEON does not have access to customer operational data. In managed deployments, ADEON access is limited to support actions initiated by the customer and is fully logged.

Every document uploaded to ARES is virus-scanned before storage. Every download is served via cryptographically signed URL with 60-minute expiry — no permanent public links, no unauthenticated access. Retention policies are enforced at the data layer. Documents tagged for retention cannot be deleted before their retention period expires, even by administrators.

Every action in ARES generates an audit log entry. Every state change on every record. Every authentication event. Every administrative operation. Audit logs are immutable, accessible to authorised administrators, and exportable for external review.

There are no silent state changes. There are no actions that bypass the audit trail. Defence and regulated customers can produce a complete record of who did what, when, on demand.

Detailed security documentation, threat models, and deployment architectures available under NDA to qualified prospects.