Interpreting agencies handle protected health information, legal communications, and student records. IMP's security architecture was designed for these environments from day one — not bolted on later.
IMP doesn't rely on a single security mechanism. Multiple overlapping layers ensure that data stays protected at every level of the stack.
Postgres RLS policies on all 22+ tables ensure users can only access data belonging to their agency. Enforced at the database level — no application-layer bypass possible.
Three roles (Admin, Interpreter, Client) with distinct page access. Each portal shows only the data and actions relevant to that role.
Edge functions verify JSON Web Tokens on every API request. Expired, tampered, or missing tokens are rejected before reaching any data.
All user-submitted content is sanitized through an esc() function before rendering. Prevents cross-site scripting attacks from any input field.
API keys, SMTP passwords, and integration credentials are masked in the UI and stored securely. Never displayed in full after initial entry.
Stripe webhook signatures are verified on every event to prevent spoofed payment notifications. Invalid signatures are rejected and logged.
RLS policies are enforced by Postgres itself — not by application code. This means even if there were a bug in the frontend, a user could never query another agency's data. The database simply won't return it.
Every one of IMP's 22+ tables has RLS policies active. When multi-tenancy ships, this same mechanism ensures complete tenant isolation.
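The agency isolation described above, sketched as an added example that is not IMP's own schema or policies. The `jobs` table, the `app_user` role and the `app.agency_id` session setting are hypothetical names chosen for illustration, and the script assumes a superuser session in a scratch database.

```sql
-- Constructed schema for illustration; not IMP's actual tables or policies.
-- Run as a superuser in a scratch database.
CREATE TABLE jobs (
    id        int  PRIMARY KEY,
    agency_id uuid NOT NULL,
    title     text NOT NULL
);

-- Constructed sample rows for two agencies, seeded before RLS is switched on.
INSERT INTO jobs VALUES
    (1, '11111111-1111-1111-1111-111111111111', 'Agency A: clinic visit'),
    (2, '22222222-2222-2222-2222-222222222222', 'Agency B: school meeting');

ALTER TABLE jobs ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the table's policies.
ALTER TABLE jobs FORCE ROW LEVEL SECURITY;

-- Assumption: the backend sets app.agency_id (hypothetical setting name) per
-- transaction after authenticating the user. nullif() turns an unset or
-- reset value into NULL, so the comparison matches no rows (fail closed).
CREATE POLICY jobs_agency_isolation ON jobs
    FOR ALL
    USING      (agency_id = nullif(current_setting('app.agency_id', true), '')::uuid)
    WITH CHECK (agency_id = nullif(current_setting('app.agency_id', true), '')::uuid);

-- Constructed application role: not a superuser, not the owner, no BYPASSRLS.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON jobs TO app_user;

BEGIN;
SET LOCAL ROLE app_user;

-- No agency set yet: the policy predicate is NULL for every row.
SELECT count(*) AS visible_without_agency FROM jobs;

SET LOCAL app.agency_id = '11111111-1111-1111-1111-111111111111';

-- The query has no WHERE clause; the policy alone restricts it to Agency A.
SELECT id, title FROM jobs;

-- Writing a row for Agency B while acting as Agency A violates WITH CHECK
-- and raises an error, which aborts the transaction.
INSERT INTO jobs VALUES
    (3, '22222222-2222-2222-2222-222222222222', 'Cross-agency write');
ROLLBACK;
```

The policy is only as trustworthy as the code that sets `app.agency_id`, and superusers or roles with `BYPASSRLS` are never subject to policies, so the application should connect as a role with neither.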
Each user role in IMP has a dedicated portal with access only to the pages and actions they need. Admins manage everything. Interpreters see their jobs and pay. Clients see their invoices and request interpreters. No overlap, no leakage.
Admin: Full platform access
Interpreter: Jobs, schedule, pay
Client: Invoices, payments
Interpreters working in healthcare need HIPAA training. Those in education need FERPA awareness. Instead of managing this externally, IMP embeds training modules directly into the interpreter portal's Resources tab.
Interpreters complete training inside the platform — no external links to track, no separate LMS to manage. Modules include a fullscreen toggle for focused learning.
When a hospital asks "are your interpreters HIPAA trained?" — the answer is built into the platform, not a separate spreadsheet.
IMP tracks 10 key actions across the platform: account saved, job broadcasted, interpreter confirmed (both paths), job completed, job cancelled, no-show marked, invoice generated, invoice voided, payment recorded, and billing edited.
Each entry records who did it, what they did, which entity was affected, the details of the change, and when it happened. Fire-and-forget logging ensures the audit system never blocks normal operations.
IMP includes a full End User License Agreement and Privacy Policy accessible from the platform. Both are linked from the login page and available to all users at any time.
When they ask about data protection, you'll have answers — built into the platform.