Security you can audit
We help you stay compliant — so the platform itself has to be exemplary.
Strict tenant isolation
Every customer's data is isolated at the database level with PostgreSQL Row-Level Security — enforced on every request, server-side. One customer can never read another's data.
Encryption in transit & at rest
All traffic is served over HTTPS, and your stored documents are encrypted at rest.
Role-based access control
Access is checked on every endpoint against your role and your organisation — never trusted from the browser.
Full audit logging
Sensitive actions are recorded in an append-only audit trail, written atomically with the change they describe.
Your data, your control
GDPR data export and deletion on request — because a compliance product should hold itself to the highest standard.
Secrets stay secret
Credentials live in a secret manager, never in code, and we never store your payment card details — billing is handled by Stripe.