This overview summarises the practical controls used to protect this Total Track installation.
Hosting And Network Access
Total Track is hosted on an Ubuntu server administered only by the system owner. Server administration is restricted to SSH over Tailscale with key-based authentication. Public access is handled through Cloudflare tunnels and domain routing, exposing only the intended application routes.
Application Isolation
The frontend, backend, database, and email development service run in Docker containers. The backend is the source of truth for permissions, media access, draft visibility, parent/carer links, and admin actions.
Accounts And Authentication
Passwords are salted and hashed. Senior Leadership accounts use email two-factor authentication. High-risk Senior Leadership actions require email confirmation by the requester and, where another active Senior Leadership member exists, approval from another Senior Leadership member.
Deletion Controls
Young people are archived before deletion. Senior Leadership reviews scheduled deletion and can confirm deletion, restore the young person, or wait one week. Early deletion of an archived young person uses the protected approval process.
Backups
Off-site backups are kept on a separate machine using the same Ubuntu, Tailscale-only, and SSH key access model. Only 30 daily backups are retained; older backups are deleted.
Secrets And Providers
The only external providers currently used are Resend for email delivery and Cloudflare for tunnels and domain routing. Provider keys and deployment secrets are stored in a .env file ignored by git.
Device Security
The laptop used to administer the system is protected with BitLocker full-disk encryption and fingerprint login.
Summary
The deployment uses layered controls: restricted server access, Tailscale-only administration, SSH keys, Docker isolation, Cloudflare-limited exposure, hashed passwords, Senior Leadership email two-factor authentication, protected approvals, controlled deletion workflows, off-site backups with limited retention, and protected administrator hardware.