Security that meets enterprise procurement
Built for regulated industries. Multi-layer encryption, hardware-key auth, AI guardrails, and a PostgreSQL RLS architecture that physically isolates every tenant's data.
Enterprise Security Features
AES-256-GCM Encryption
All sensitive data is encrypted at rest with 256-bit keys, 96-bit IVs, and 128-bit authentication tags. Envelope encryption with per-tenant key derivation via PBKDF2 (100K iterations).
Tenant Key Management (KMS)
Each tenant gets its own Data Encryption Key (DEK). Keys are wrapped by a master Key Encryption Key (KEK) — your data and your neighbour's data are mathematically isolated.
Multi-Factor & Passwordless Auth
TOTP, WebAuthn/FIDO2 hardware keys, SMS OTP, email magic links, and backup codes. Passkey support eliminates password risk entirely for security-first teams.
Enterprise SSO
SAML 2.0, LDAP/Active Directory, and OAuth 2.0 for Google, Microsoft, GitHub, and Okta. Map your IdP groups to platform roles — zero provisioning overhead.
Row-Level Security (RLS)
PostgreSQL RLS enforced on every tenant table — no application-level tenant filtering required. Even a misconfigured query cannot leak cross-tenant data.
AI Guardrails Engine
PII detection, content filtering, prompt injection prevention, and schema validation run on every AI interaction before it reaches the LLM. No raw user data leaks to external models.
Full Audit Trail
Every AI tool execution, permission change, and data mutation is recorded with correlation IDs, user context, and timestamps. Immutable audit log with configurable retention.
Rate Limiting & DDoS Protection
Redis-backed rate limiting (100 req/60s default, configurable per tenant). Circuit breakers, dead-letter queues, and distributed locks prevent cascading failures.
Observability & Alerting
50+ Prometheus metrics, distributed tracing via OpenTelemetry, structured JSON logs. Real-time dashboards show queue depth, AI latency, error rates, and tenant health.
Security Headers
HSTS (1-year, preload), Content Security Policy with per-request nonces, Permissions-Policy, X-Frame-Options, and CORS controls enforced on every response.
All Platform Modules Protected by Enterprise Security
Every module listed below is covered by the security architecture above. Choose what you need.
Core Workflows
AI Flows, Triggers, Logic, Transforms, Utilities, Connectors
CRM & Sales
Contacts, Accounts, Deals, Opportunities, Pipeline Management, Sales Cloud
Finance & Accounting
Invoicing, Accounts Receivable, Accounts Payable, General Ledger, Reconciliation, Multi-Currency Reporting
HR & People
Employees, Timesheets, Payroll, Multi-Jurisdiction Tax (EU, UK, US), Org Charts, Performance Management
Document Intelligence
Document Upload, AI Extraction, Classification, E-Signing, Contracts, Invoice Processing
Data & Integration
Data Mapping, Transformation, Deduplication, Validation, Analytics, Screen Builder
Administration
Permissions & RBAC, User Management, Audit Logs, Settings, Team Management, API Keys
Agentic AI Security
Autonomous AI agents are constrained by the same security layer as all platform tools.
Autonomous Agent Execution
Agents execute business tools on your behalf with full context from all modules. Every action is rate-limited, permission-checked, and logged with correlation IDs for complete traceability.
Built-in Control Panel
Monitor agent decisions, set execution budgets, define approval thresholds, and roll back results. Agents run within configurable boundaries — you're always in control.
Security review package available
Request our security questionnaire responses, penetration test executive summaries, DPA template, and data flow diagrams — everything your InfoSec team needs to approve us fast.