The following is a very brief 'technical' description of how the P11D Organiser works in our SaaS/Hosted provision.
Users of the system log in by navigating to a secure web site (www.myp11d.com) over an HTTPS connection (port 443) which is routed through a Cisco firewall. At this point they authenticate with a username and password (which they have generated via a registration email). The password make up is customisable for complexity, time span, history etc to your requirements, and you can also turn on multi-factor authentication (MFA/2FA) should you so choose. Once they have authenticated on to the website, they are in a position to be able to use the P11D Organiser or upload/download information.
Users are authenticated via an Active Directory server that maintains security and credentials, which subsequently allows access to a secure NTFS area of our encrypted data store (these are actually HPE Nimble Storage arrays). The secure area is used for data storage and application storage - the P11D Organiser executable that is used is customer specific, there is no shared access to ensure there is no data leakage.
When the user starts a P11D Organiser session, this goes through a gateway server and then initiates an RDP session to a bank of terminal servers to run the application. We don't use standard RDP to deliver the application interface to the user, that is accomplished by translating the screen into an HTML5 canvas that is then delivered over the HTTPS connection to the user's browser (which can be any modern browser).
To ensure separation of networks (for security reasons), there is no access to your local drives or printers from the hosted P11D Organiser application, any data transfer (be that spreadsheets being uploaded, or PDFs being downloaded) is accomplished via a secure DataExchange facility - see this link for a walk-through of DataExchange operation. Each user has their own specific data area within the system, and they solely have access (again controlled via Active Directory and NTFS). Data upload formats are restricted to certain file types and sizes, and all uploads are scanned for viruses etc during the upload process.
We would recommend that a good starting point for any technical questions would be our Hosted/SaaS Technical Q&As - this covers the most common ones we receive.