Security and trust
Operational controls built for live booking systems
First Wave Logic is designed around production reservation workflows where booking integrity, payment state, manifest accuracy, and staff approval trails matter. This page summarizes current platform controls and expected governance posture.
Access control
Role-based admin and mobile access, token-based mobile auth, and per-user alert ownership gates help limit who can approve or operate sensitive workflows.
Payment boundaries
Payment metadata, merchant-of-record settings, native checkout controls, and processor-aware refund handling are tracked explicitly instead of being hidden behind generic booking state.
Workflow approvals
AI-assisted operational actions can be held in approval-required mode so booking moves and related changes remain under operator review until trust thresholds are met.
Operational records
Bookings, payment state, source channels, waiver status, reminders, check-in events, and mobile action responses are preserved as structured platform records for auditability and recovery.
Connector posture
Connector routes support authenticated inbound bookings and source-aware webhook handling so operators can migrate gradually without losing channel visibility. Recent activity timestamps, source labels, and service-date reporting reduce silent-failure risk.
Mobile operations
Crew workflows are separated from browser sessions through dedicated mobile tokens, push-device registration, and action endpoints for alerts, manifest views, and check-in operations.
Current limitations
This page is not a substitute for a full legal security program, penetration-test report, or compliance certification. Formal security policy, vendor questionnaires, and incident-response language should be finalized before enterprise sales or regulated deployments.