TOTP MFA, role-based access, session revocation, and a full audit log — why we prioritised compliance from day one, and how it protects your institution's data.
Queue management isn't an obvious target for security investment. The data involved — ticket numbers, wait times, service point activity — seems low-stakes. But the picture changes when you consider what LineUp actually stores: patient names and phone numbers in hospital OPDs, student records in university registration systems, staff identities and access permissions across every deployment.
For the institutions we serve — hospitals, universities, government agencies — a data breach isn't just a compliance problem. It's a public trust problem. We built LineUp with the security posture those institutions require, even before any customer asked us for it.
LineUp is a multi-tenant platform — many organizations run on the same infrastructure. The foundational security property of the system is that no tenant can ever see, query, or affect the data of any other tenant.
This isolation is enforced at the application layer on every API request, not just at the database level. Every request is validated against the authenticated user's organization context before any data is returned. There is no configuration option, no administrative bypass, and no support pathway that would allow cross-tenant data access.
Within each organization, access is managed through a role-based permission system. The default roles — SUPER_ADMIN, ADMIN, MANAGER, STAFF — each carry a specific set of permissions. Administrators can create custom roles with fine-grained permission sets tailored to their operational structure.
Permissions are enforced server-side on every request. Changing a role takes effect immediately — there is no cache delay, and the user's existing session reflects the updated permissions without requiring re-login. When a staff member leaves an organization, an administrator can revoke their access instantly from the Active Sessions dashboard.
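The tenant check, the per-request permission check and session revocation described above can be sketched as one authorization function. This is an added example, not LineUp's code: only the four role names come from the page, while the permission strings, class and function names and the sample data are assumptions.

```python
from dataclasses import dataclass

# Role names are the page's defaults; the permission strings are assumptions.
ROLE_PERMISSIONS = {
    "SUPER_ADMIN": {"ticket:call", "role:change", "session:revoke", "audit:export"},
    "ADMIN": {"ticket:call", "role:change", "session:revoke"},
    "MANAGER": {"ticket:call"},
    "STAFF": {"ticket:call"},
}

@dataclass
class Session:
    user_id: str
    org_id: str
    revoked: bool = False

class AccessControl:
    def __init__(self):
        self.sessions = {}  # session_id -> Session (the live session registry)
        self.roles = {}     # (org_id, user_id) -> role name, read on every request

    def authorize(self, session_id, permission, resource_org_id):
        """Return (allowed, reason), evaluated from live state on each request."""
        session = self.sessions.get(session_id)
        if session is None or session.revoked:
            return False, "session_invalid"
        # Tenant check first: the resource must belong to the caller's organization.
        if resource_org_id != session.org_id:
            return False, "cross_tenant"
        # The role is looked up now rather than copied into the session at login,
        # so a role change applies to sessions that already exist.
        role = self.roles.get((session.org_id, session.user_id))
        if permission not in ROLE_PERMISSIONS.get(role, set()):
            return False, "permission_denied"
        return True, "ok"

    def revoke(self, admin_session_id, target_session_id):
        """Revoke a session; the revoker is held to the same tenant and role checks."""
        target = self.sessions.get(target_session_id)
        if target is None:
            return False
        allowed, _ = self.authorize(admin_session_id, "session:revoke", target.org_id)
        if allowed:
            target.revoked = True
        return allowed

def build_demo():
    """Constructed sample data: two organizations, three sessions."""
    ac = AccessControl()
    ac.sessions = {"s-admin": Session("u-admin", "org-a"),
                   "s-staff": Session("u-staff", "org-a"),
                   "s-other": Session("u-other", "org-b")}
    ac.roles = {("org-a", "u-admin"): "ADMIN", ("org-a", "u-staff"): "STAFF",
                ("org-b", "u-other"): "ADMIN"}
    return ac
```

Because `revoke` goes through `authorize`, an administrator of one organization cannot revoke a session that belongs to another.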
All staff accounts support TOTP-based MFA — the same time-based one-time password standard used by banks and enterprise systems. MFA can be required by administrators across their entire organization, or enabled optionally per user.
MFA enrollment uses standard authenticator apps (Google Authenticator, Authy, etc.) — no proprietary hardware or SMS dependency for the authentication step. TOTP secrets are stored encrypted and are never exposed after initial setup.
LineUp maintains a live session registry. Administrators can see all active sessions for their organization — device, location, and last activity — and revoke any session immediately. Sessions have automatic expiry for inactive periods.
The Active Sessions view is available to administrators as a standard dashboard feature, not a separate security module. The intent is to make session hygiene easy enough that institutions actually practice it.
Every action in LineUp — every ticket call, every role change, every configuration modification, every login attempt — is recorded in an immutable audit log. Logs record the actor, the timestamp, the action, and the affected entity. Administrators can filter, search, and export their organization's audit trail.
Audit logs are read-only within the application — no user, including administrators, can delete or modify audit entries. This makes the log a reliable record for compliance reviews and internal investigations.
The LineUp platform includes anomaly detection that runs across authentication events: brute-force attempts, MFA bombing, unusual access patterns, and multi-account signals. Anomalies are flagged for platform administrators without any action required from tenant organizations.
This layer of monitoring means that even if a specific tenant's security posture has a gap — a shared password, an MFA enrollment they missed — the platform is watching for signals that suggest something is wrong.