Security at MortisOS
MortisOS handles decedent records, family communications, cremation authorizations, and financial data. This page explains how we keep that information protected and how operators stay in control.
Role-based access control
Every user is assigned one or more roles — owner, location manager, funeral director, arranger, apprentice, crematory operator, accounting, or family. Each role unlocks only the routes and actions it needs. Cremation releases, discount approvals, and admin configuration are gated to specific privileged roles. The UI hides actions a user cannot take, and the backend re-enforces the same rules on every request.
Audit logging
Compliance-sensitive actions write to a single per-case audit trail: stage changes, task escalations, cremation checkpoints, document uploads and deletions, signature requests, arrangement edits, discount approvals, payment status, and admin configuration changes. The trail records who, what, when, and — where relevant — the values before and after the change. Audit history is searchable for compliance review.
Data isolation
Customer data is segregated by location and case via row-level security. Family users only see their own case. Staff only see cases in locations they are assigned to. Service-role access is reserved for verified system jobs and never exposed to the browser.
Compliance-aware workflow
Cremation cases are gated by state-specific compliance rules — hold periods, authorizing-agent signatures, permits, and medical examiner releases. When a gate blocks progress, the system surfaces which rule applies and what is missing, so operators never have to guess what the regulator expects.
Backups and availability
The platform runs on managed cloud infrastructure with automated database backups and point-in-time recovery. Backups are retained per provider defaults; restore windows are reviewed during onboarding.
Implementation and support
New customers go through a guided implementation that covers location setup, user/role provisioning, catalog and pricing import, document requirements, and a staff training pass. Support is available by email during business hours; urgent operational issues are triaged the same day.
Security questions or incident reports: security@mortisos.com