Security & Trust

Isolated by design.

Most "multi-tenant" platforms put every customer in one big shared table. BackOffice gives each workspace its own Postgres schema and its own database role — real separation at the database, not a filter on a shared row. Add role-based access, a tamper-evident audit log and full data export, and your data stays yours.

True isolation

Not a shared table — a schema per workspace.

Every workspace is provisioned with its own Postgres schema and a dedicated database role scoped to it. One tenant's queries physically cannot reach another tenant's data — the isolation is enforced by the database, not by application code you have to trust to filter correctly.

This is the answer compliance-minded buyers are really asking for when they ask "is my data safe?" — and it's standard on every plan, not an enterprise upsell.

How we protect your data

Security that passes the review.

The controls a security questionnaire asks about — built in, not bolted on.

🧱

Per-tenant isolation

A dedicated Postgres schema and DB role per workspace — separation enforced by the database itself.

🔐

Roles & granular access

Role-based by default, with row- and field-level grants on Business and up. Least privilege, your rules.

📜

Tamper-evident audit log

Every change is recorded and replayable, and exportable to CSV for auditors.

🔒

Encryption

Encrypted in transit over TLS, and at rest on the underlying managed cloud storage.

🪪

SSO, SAML & SCIM

Google & Microsoft sign-in on Business; SAML and SCIM provisioning on Enterprise.

💾

Backups & export

Automated backups, plus one-click CSV export and a typed API so your data is never trapped.

Compliance & privacy

Straight answers, no hand-waving.

Data ownership
Your data is yours. Export every entity to CSV, or stream the whole workspace via the API. No lock-in.
GDPR & DPA
A Data Processing Agreement is available on request; deletion and access requests are supported.
Data residency
Region placement is available on request for teams with residency requirements.
SOC 2
On our roadmap. Talk to us about your timeline and current controls under NDA.
Self-hosting
Enterprise can run the stack in their own VPC with the same upgrade path as cloud.
Responsible disclosure
Found something? Email security and we'll work it with you — we don't shoot the messenger.
Questions

Security FAQ.

How is my workspace isolated from other customers?

Each workspace gets its own Postgres schema and a dedicated database role scoped to it — not a shared table filtered by a tenant ID. The isolation is enforced by the database, so one tenant's queries can't reach another's data.

Is my data encrypted?

Yes — encrypted in transit over TLS, and at rest on the underlying managed cloud storage. Access is gated by roles, grants and an audit log.

Do you have SOC 2 or a DPA?

A DPA is available today on request. SOC 2 is on our roadmap — reach out and we'll walk you through our current controls under NDA and share timelines.

Can I get my data out if I leave?

Always. Every entity exports to CSV from the toolbar, and the typed API can stream the entire workspace. Your data is portable by design — there's no lock-in.

Do you support SSO and provisioning?

Business includes Google Workspace and Microsoft 365 sign-in. Enterprise adds SAML 2.0 (Okta, Azure AD, OneLogin) and SCIM for automated user provisioning.

Need to satisfy a security review?

Tell us what your team needs — isolation, DPA, SSO, residency, self-host — and we'll get you the answers and documents.

Talk to us