Skip to content

Security

Security you can check, plainly stated.

Everything on this page ships in the platform today. Nothing aspirational, nothing vague — and your IT team can verify each item on a live instance.

Account security

  • Two-factor authentication with authenticator apps (TOTP), with the MFA secret stored encrypted
  • Workspace-scoped login — an account belongs to a workspace, not to the platform at large
  • Workspace-scoped password reset, so a reset flow cannot cross into another workspace
  • Security headers applied at the platform level
  • REST API access authenticated with Bearer tokens

Permissions & governance

  • Role-based permissions built from a matrix of module against view and manage
  • Navigation and actions follow the matrix: people see and do only what their role allows
  • The AI copilot computes only over data the asking user is already permitted to see
  • Approval chains and thresholds are configured per workspace rather than hard-coded
  • Roles are reusable across workspaces, so a group applies one standard everywhere

Data protection

  • Dedicated per-tenant data isolation — one workspace’s records never share tables with another’s
  • Documents are virus-scanned synchronously on upload; an infected file is never stored
  • Webhook secrets and MFA secrets are encrypted at rest
  • A required Idempotency-Key on API writes, so a retried request never applies twice
  • Full data export on request — your records leave with you

Audit & operations

  • An append-only audit log, chained with SHA-256 so alteration is detectable rather than deniable
  • A verification command that re-walks the whole chain and reports the result
  • Readiness and integrity check commands for the deployment itself
  • A transactional outbox for guaranteed event delivery — queued events are not quietly lost
  • Automations record a run history, so an automated action can be reconstructed after the fact

Tamper evidence

Why the audit log is chained.

Most systems keep an activity log that a sufficiently privileged account can edit. Ours is append-only, and each entry is chained with SHA-256 to the one before it — so removing or rewriting a single entry breaks every hash that follows. A verification command re-walks the chain and tells you whether it still holds.

That is a deliberately modest claim, and a checkable one. We are not asking you to believe the log is intact; we are giving your team the command that answers the question.

Procurement & review

Bring your security checklist.

IT reviews are welcome. During evaluation we’ll walk your team through authentication and MFA enrolment, the role permission matrix, workspace isolation, audit-log verification, document scanning, and the API — on a live instance, not a slideshow. Accessibility matters too: every colour token meets WCAG AA, and an automated test crawls all screens enforcing accessible names, alt text, a single h1, and labelled controls. Twenty-three of twenty-three automated tests pass.

What we do not claim: we hold no SOC 2, ISO, or other certification, and we publish no uptime or SLA figure. High-availability hosting, disaster recovery, 24/7 support, and a dedicated account manager are service commitments available at the top edition — they are contractual undertakings, not product features, and we describe them that way. Single sign-on (SSO / SAML) is roadmap, not shipped.

Your IT team will have questions. Good.

Bring them to a technical walkthrough — we answer on the live platform.