Security enforced in code, not just in a policy PDF.
Every control below is implemented in the platform and exercised by tests — not a promise we ask you to trust. Here is exactly how your data is isolated, encrypted, audited, and, when the time comes, destroyed.
Role-based access control
Granular RBAC governs what every role can see and do across the platform.
Just-in-time elevation
Privileged access is granted on request, time-boxed, and logged — not left standing.
TOTP two-factor
Standards-based TOTP 2FA protects accounts, with enforcement options for admins.
OIDC single sign-on
Act as an OIDC issuer so teams can sign in with a central identity.
Per-tenant AES vault
Secrets encrypted with AES-256-GCM using per-tenant, HKDF-derived keys; the derived key is never stored.
Row-level isolation
PostgreSQL row-level security prevents one tenant’s query from reaching another tenant’s data.
Data residency in India
Deploy on Indian infrastructure so personal data stays within the country by design.
Cryptographic erasure
Decommissioning destroys the per-tenant salt, making that tenant’s ciphertext — including backups — permanently unreadable.
Append-only audit ledger
A database-enforced, append-only trail records every sensitive action for forensic review.
Per-tenant kill-switches
Lock or decommission a tenant instantly if something goes wrong.
Backups & restore
Scheduled backups with a documented restore path keep data recoverable.
Self-hosted observability
Error and usage telemetry can run on your own stack, not a third party’s.
Honest about where we are.
DPDP readiness. The platform is built to be DPDP-ready by architecture — India data residency, per-tenant encryption, row-level isolation, and an immutable audit ledger. Compliance is a shared responsibility that also depends on how you deploy and operate it.
SOC 2. We operate against SOC 2-aligned controls and maintain internal control playbooks. We will publish attestation status here as it progresses.
Sub-processors & data flows. When you self-host, third-party processors can be reduced to those you choose. A current sub-processor list is available on request.
We run our own business — billing, support, and a production license server — on this platform. Uptime is public.
Send us your security questionnaire.
We would rather answer hard questions than dodge them. Request a security review and we will walk your team through the architecture.