Security

Built like a regulator would design it.

Tenant isolation by Postgres RLS. Append-only audit. Encryption at rest and in flight. SOC2 Type 1 prep in progress.

Tenant isolation by RLS

Every table that holds customer data has row-level security enforced at the Postgres layer. Application code can't accidentally cross tenant boundaries because the database itself refuses to return or modify rows outside the caller's tenant.
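The pattern described above, shown as an added example rather than RepReady's own schema or policies: the table, role, and the `app.tenant_id` session setting are assumptions made for the illustration.

```sql
-- Added example (not RepReady's schema): tenant isolation with Postgres RLS.
-- Assumptions: a table "documents" keyed by tenant_id, an application role
-- "app_user" the service connects as, and the tenant id supplied per request
-- through the session setting "app.tenant_id".

CREATE TABLE documents (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    body       text NOT NULL
);

CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;

-- Turn RLS on, and FORCE it so the table owner is subject to the policies too.
-- Without FORCE the owning role bypasses RLS silently; superusers always bypass it,
-- so the application must never connect as either.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) returns NULL instead of raising when the setting
-- is unset, so a request that forgot to scope itself sees and writes nothing.
CREATE POLICY tenant_read ON documents
    FOR SELECT TO app_user
    USING (tenant_id = current_setting('app.tenant_id', true)::uuid);

CREATE POLICY tenant_write ON documents
    FOR ALL TO app_user
    USING (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Per request the application scopes one transaction to one tenant.
-- set_config(..., true) makes the value transaction-local, so it cannot
-- leak to the next request that reuses a pooled connection.
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
SELECT id, body FROM documents;              -- only this tenant's rows
INSERT INTO documents (tenant_id, body)
    VALUES ('11111111-1111-1111-1111-111111111111', 'ok');
COMMIT;

-- A write tagged with another tenant fails the WITH CHECK clause and is
-- rejected by Postgres, not by application code:
--   INSERT INTO documents (tenant_id, body)
--       VALUES ('22222222-2222-2222-2222-222222222222', 'wrong tenant');
--   ERROR:  new row violates row-level security policy for table "documents"

-- Audit check: list ordinary tables in the schema that do not have RLS
-- enabled and forced. The goal is an empty result for every customer-data table.
SELECT n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);
```

The closing query is the check worth running in CI or a nightly job: a new table added without `ENABLE`/`FORCE ROW LEVEL SECURITY` is the usual way a "database refuses" guarantee quietly stops holding.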

Encryption end to end

TLS 1.3 in flight. AES-256 for sensitive fields at rest (OAuth tokens, integration credentials). Postgres-managed encryption for the database tablespace.

Append-only audit trail

Compliance checks, audit logs, content approvals, email sends, and CRD sync events are append-only. Database triggers reject UPDATE and DELETE for every role, including the service role.
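An added example of the append-only mechanism described above (illustrative, not RepReady's code): the `audit_log` table, the `reject_mutation` function, and the trigger names are assumptions made for the example.

```sql
-- Added example (not RepReady's code): an append-only audit table whose
-- UPDATE and DELETE are rejected by a trigger for every role.
-- Assumptions: the table "audit_log" and the function/trigger names below.

CREATE TABLE audit_log (
    id          bigserial PRIMARY KEY,
    tenant_id   uuid NOT NULL,
    actor       text NOT NULL,
    action      text NOT NULL,
    payload     jsonb,
    created_at  timestamptz NOT NULL DEFAULT now()
);

-- A trigger fires regardless of which role issued the statement, including
-- the table owner and a service role that holds UPDATE/DELETE privileges,
-- which a GRANT/REVOKE scheme alone would not cover.
CREATE OR REPLACE FUNCTION reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION '% on % is not permitted: table is append-only',
        TG_OP, TG_TABLE_NAME
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

CREATE TRIGGER audit_log_append_only
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION reject_mutation();

-- TRUNCATE does not fire row triggers, so it needs a statement-level trigger
-- of its own or the whole table could still be emptied in one command.
CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION reject_mutation();

-- Inserts work as usual (constructed sample event).
INSERT INTO audit_log (tenant_id, actor, action, payload)
VALUES ('11111111-1111-1111-1111-111111111111', 'user:42', 'approval.granted',
        '{"content_id": 7}');

-- Both of the following now fail with
--   ERROR:  UPDATE on audit_log is not permitted: table is append-only
-- (respectively DELETE / TRUNCATE):
--   UPDATE audit_log SET action = 'approval.revoked' WHERE id = 1;
--   DELETE FROM audit_log WHERE id = 1;
--   TRUNCATE audit_log;

-- Check: confirm the guard triggers exist and are enabled ('O' = always fires,
-- 'D' = disabled). Expect both rows with tgenabled = 'O'.
SELECT tgname, tgenabled
FROM pg_trigger
WHERE tgrelid = 'audit_log'::regclass
  AND NOT tgisinternal;
```

The trigger holds only as long as nobody disables it: the table owner or a superuser can run `ALTER TABLE audit_log DISABLE TRIGGER ...`, so the role the application connects as should not own the table, and the `pg_trigger` check above belongs in the same routine that verifies RLS coverage.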

MFA + session controls

TOTP MFA available on every account. Sessions refresh on a 1-hour cycle. Admin impersonation is read-only and time-boxed to 30 minutes with full audit.

Compliance posture

  • SOC2 Type 1 readiness assessment in progress.
  • Annual third-party penetration test scheduled pre-launch.
  • Subprocessor list: Supabase (US-east-2), Vercel, Anthropic, Resend, Cloudflare, Stripe.
  • Data export available on demand. Account deletion zeroes tenant data within 30 days.

RepReady — Your practice. Compliant. Present. Ready.