March, 2026 – Delivering Security, Data and Migration Enhancements
In March, these plans turned into concrete, platform‑wide releases. We strengthened tenant isolation in critical APIs, improved protection around core policy documents, enhanced our data‑warehouse governance, streamlined BI deployments and introduced safer, API‑driven migration options. Together, these updates help you operate with greater confidence, unlock more from your data and scale your business on Seamless more efficiently.
Security & Platform Hardening
1. Cross‑tenant protection for finance support APIs
- Component: Seamless Administration / Finance
We’ve strengthened tenant isolation in our finance APIs. When back‑office automations or integrations call payment and accounting endpoints, Seamless now verifies that the tenantId in the payload always matches the authenticated tenant. Any cross‑tenant mismatch is blocked with a secure 403 response. This reduces the risk of data leakage between environments and ensures finance operations are always executed within the correct tenant context.
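One way to express the tenant check described above, as an added example that is not Seamless code. Only the comparison of the payload `tenantId` with the authenticated tenant and the 403 on mismatch come from this release note; the function names, the 400/401 handling, and the walk over nested items (which goes beyond the single-field case in the text) are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    status: int
    reason: str


def _tenant_ids(node, path="$"):
    """Yield (path, value) for every 'tenantId' key anywhere in the payload."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "tenantId":
                yield child, value
            else:
                yield from _tenant_ids(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _tenant_ids(item, f"{path}[{i}]")


def check_tenant(auth_tenant, payload):
    """Allow the call only if every tenantId in the payload equals the
    tenant bound to the authenticated caller (hypothetical helper)."""
    if not isinstance(auth_tenant, str) or not auth_tenant:
        return Decision(401, "no authenticated tenant")
    found = list(_tenant_ids(payload))
    if not found:
        # Assumption: a payload without tenantId is rejected, not defaulted.
        return Decision(400, "payload has no tenantId")
    for path, value in found:
        # Exact match only: no case folding, trimming or int/str coercion.
        if not isinstance(value, str) or value != auth_tenant:
            # The reason names the field, never the foreign tenant value.
            return Decision(403, f"tenant mismatch at {path}")
    return Decision(200, "ok")


# Constructed sample: top-level tenant matches, one batch item does not.
BATCH = {"tenantId": "tenant-a",
         "payments": [{"tenantId": "tenant-a", "amount": 10},
                      {"tenantId": "tenant-b", "amount": 99}]}

if __name__ == "__main__":
    print(check_tenant("tenant-a", BATCH))
```

The batch case is the one worth testing in integrations: a check that reads only the top-level field would accept this payload.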
2. Reserved usage protection for custom policy documents
- Component: Underwriting / Documents
To protect core policy and termination workflows, we’ve tightened validation on the APIs used to generate custom policy documents. System‑reserved document usages (such as “Policy” and “TerminationLetter”) can no longer be used through the generic user‑defined document APIs. This prevents accidental or unauthorized overwriting of key documents, while keeping the flexibility to generate custom, tenant‑specific documents for other use cases.
3. Safer data‑warehouse tenant isolation (assessment & design)
- Component: Data Warehouse / Security & Governance
We’ve completed a security assessment of how reporting data is isolated per tenant in our data‑warehouse layer (AWS Athena and related services). The outcome is a hardened design for view and workgroup governance:
- Clear ownership of who can change query objects and workgroups,
- Documented risks and mitigations for cross‑tenant exposure,
- A roadmap for moving these controls into version‑controlled, auditable infrastructure.
You’ll see the results of this design work reflected in upcoming DWH releases as we roll out the implementation in phases.
4. Standardised Glue job parameters for Data Warehouse pipelines
- Component: Data Warehouse
Our next‑generation DWH pipelines now use a consistent naming scheme for AWS Glue job parameters. This improves reliability and lowers the risk of misconfiguration when deploying new jobs or adjusting environments. The change is backwards compatible, so existing schedules and automations continue to run while we prepare a smoother rollout of v2 reporting pipelines.
5. Automated deployment of QuickSight datasets and dashboards
- Component: Data Warehouse / Reporting Automation
We’ve automated more of our BI deployment pipeline so that QuickSight datasets and dashboards can be updated through scripts instead of manual UI operations. This reduces the chance of human error during report updates and shortens the time from change approval to availability in your tenants.
6. Large‑file support in Sales document uploads (feature‑flagged)
- Component: Back-office Portal
For customers who regularly attach rich documentation to sales opportunities (e.g. presentations, technical packs), we’ve added an optional “large file upload” capability to the Sales module. When enabled, users can upload documents up to 100 MB, with:
- A resilient upload flow via our central document service,
- Clear error messages if a transfer fails, and
- Optional notifications to designated users when new sales documents are added.
The feature is disabled by default and can be activated per tenant based on your needs and governance requirements.
Data & Architecture Improvements
7. Tenant‑safe migration API for policies and instalments
- Component: Migration / Underwriting / User Management
We’ve introduced a new migration API designed for safer and more controlled incremental data loads, especially for policies and instalment schedules that need to be brought in after an initial migration:
- Submit structured JSON payloads against pre‑configured migration packages,
- Automatically validate and process entities, with best‑effort import and detailed error feedback,
- Use a dedicated OAuth scope for migration, tightening access control,
- Monitor progress and review failed rows through dedicated endpoints.
This significantly reduces manual CSV handling and gives migration teams better observability and repeatability when reconciling remaining policies or schedules.