Most "multi-tenant" platforms put every customer in one big shared table. BackOffice gives each workspace its own Postgres schema and its own database role — real separation at the database, not a filter on a shared row. Add role-based access, a tamper-evident audit log and full data export, and your data stays yours.
Every workspace is provisioned with its own Postgres schema and a dedicated database role scoped to it. One tenant's queries physically cannot reach another tenant's data — the isolation is enforced by the database, not by application code you have to trust to filter correctly.
This is the answer compliance-minded buyers are really asking for when they ask "is my data safe?" — and it's standard on every plan, not an enterprise upsell.
The controls a security questionnaire asks about — built in, not bolted on.
A dedicated Postgres schema and DB role per workspace — separation enforced by the database itself.
Role-based by default, with row- and field-level grants on Business and up. Least privilege, your rules.
Every change is recorded and replayable, and exportable to CSV for auditors.
Encrypted in transit over TLS, and at rest on the underlying managed cloud storage.
Google & Microsoft sign-in on Business; SAML and SCIM provisioning on Enterprise.
Automated backups, plus one-click CSV export and a typed API so your data is never trapped.
Each workspace gets its own Postgres schema and a dedicated database role scoped to it — not a shared table filtered by a tenant ID. The isolation is enforced by the database, so one tenant's queries can't reach another's data.
Yes — encrypted in transit over TLS, and at rest on the underlying managed cloud storage. Access is gated by roles, grants and an audit log.
A DPA is available today on request. SOC 2 is on our roadmap — reach out and we'll walk you through our current controls under NDA and share timelines.
Always. Every entity exports to CSV from the toolbar, and the typed API can stream the entire workspace. Your data is portable by design — there's no lock-in.
Business includes Google Workspace and Microsoft 365 sign-in. Enterprise adds SAML 2.0 (Okta, Azure AD, OneLogin) and SCIM for automated user provisioning.
Tell us what your team needs — isolation, DPA, SSO, residency, self-host — and we'll get you the answers and documents.
Talk to us