Engineering
MANA is built to enterprise security and reliability standards. The platform exists because the engineering team behind it has spent two decades shipping production software in regulated industries — automotive safety, energy infrastructure, and now arts.
Security
The platform targets OWASP ASVS Level 2 — the same security baseline used for commercial banking and healthcare applications. Authentication is delegated to a dedicated Keycloak instance with passkey support, brute-force protection, and session lifecycle controls. Every release is automatically scanned for vulnerabilities, secrets, and code-quality regressions before reaching production.
Multi-tenancy and data isolation
Each tenant's data is isolated at the PostgreSQL row-level-security layer. The application cannot accidentally read across tenants — the database enforces the boundary, not just the code. Isolation is tested in CI on every change.
GDPR and data sovereignty
All platform data is held on European servers — primarily Hetzner Germany — outside US jurisdiction. Personal data is minimised, retention policies are explicit, data subject requests are handled through documented procedures, and email delivery uses providers with EU-resident infrastructure.
Open architecture
The platform is built on widely-understood open-source components — SvelteKit, PostgreSQL, Valkey, BullMQ, Caddy, Keycloak. No proprietary lock-in at the infrastructure layer. The integration substrate is the value, not opacity.
Audited dependencies
Every third-party dependency has its updates reviewed through Renovate. CI-scan images are SHA-pinned. Container images are built reproducibly and signed with cosign. The supply chain is treated as a security boundary.
Operational transparency
Uptime, performance and error budgets are tracked on an in-house status page. Backups are tested via automated restore drills. Disaster recovery procedures are documented and rehearsed. The integrated management system is certified-ready for ISO 27001 and ISO 9001.