Security enforced at the schema.
Tenant isolation, access control and audit aren't features bolted on — they're how the platform is built from the data model up.
Tenant isolation
Postgres row-level security scopes data by workspace, and every server query is additionally hard-scoped to the workspace ID. Tenants never see each other’s data.
Server-enforced RBAC
Four roles — admin, rep, underwriter, support — enforced on every route and API in middleware, not just hidden in the UI. Reps are data-scoped to their own records.
Secrets stay out of the repo
Service-role keys and integration tokens live only in the hosting dashboard. Webhook handlers verify signatures and shared secrets on every inbound call.
Audit & soft-delete
An audit feed records sensitive actions, and soft-delete with restore across entities gives an undo window instead of irreversible loss.
Messaging compliance
TCPA STOP/START opt-out is live for SMS and honored on both inbound messages and outbound sends. CAN-SPAM unsubscribe and Toll-Free Verification are the next milestones.
E-sign with audit trail
Native e-signature captures ESIGN/UETA consent and produces a Certificate of Completion — signer, IP, timestamps and a SHA-256 hash of the signed document.
Built toward enterprise compliance.
The controls institutional funding partners and regulated verticals require — sequenced and underway.
SOC 2 Type II
Evidence automation across code, data and hosting — the institutional-funding gate.
PCI-DSS scope reduction
No raw card data stored; lean on a compliant data platform.
NACHA / ACH rules
Compliance layer for rep and residual payouts.
Data retention
Row-level TTL automation alongside the existing audit log.
Note: native e-signature is generally valid under ESIGN/UETA with consent and an audit trail; a certified provider is recommended for high-stakes, regulated contracts. This page describes product capabilities and is not legal advice.
Walk through our security posture.
We're happy to go deep on tenant isolation, RBAC and the compliance roadmap with your team.