Security you can audit

We help you stay compliant — so the platform itself has to be exemplary.

Strict tenant isolation

Every customer's data is isolated at the database level with PostgreSQL Row-Level Security — enforced on every request, server-side. One customer can never read another's data.

Encryption in transit & at rest

All traffic is served over HTTPS, and your stored documents are encrypted at rest.

Role-based access control

Access is checked on every endpoint against your role and your organisation — never trusted from the browser.

Full audit logging

Sensitive actions are recorded in an append-only audit trail, written atomically with the change they describe.

Your data, your control

GDPR data export and deletion on request — because a compliance product should hold itself to the highest standard.

Secrets stay secret

Credentials live in a secret manager, never in code, and we never store your payment card details — billing is handled by Stripe.