Multi-tenant security we prove on every release.

Not a policy document — an automated test suite. Tenant isolation is verified in CI on every single change to the database layer.

The tenant-isolation contract

Every table is guarded by Postgres Row Level Security. The isolation suite asserts four things, on every change:

  • Own-org reads work — your users see your data
  • Cross-org reads are blind — queries against another tenant return nothing
  • Cross-org writes are rejected — not filtered, rejected
  • Super-admin access is an explicit, audited path — never an accident
ci · tenant-isolation suite own_org_read_returns_rows cross_org_read_returns_empty cross_org_write_rejected super_admin_path_explicit_and_audited runs on: every change to the database layer status: passing · required to merge

Role & scope access control

Granular permission scopes — e.g. forecast.lock, schedule.generate, realtime.view, request.approve — attached to roles. Planners, RTAs, team leads and agents each get exactly the access they need, down to individual operations.

Full audit trail

Every lock, regeneration, approval and manual override is audited: who, when, why. Sensitive actions leave a record by design.

Immutability of locked artifacts

Locked forecasts and schedules reject changes. The plan of record can't be quietly rewritten after the fact — which is also an audit property, not just a workflow one.

Architecture

Backend: Supabase — Postgres, Auth and APIs. All access goes through RLS-guarded, permission-scoped RPCs; there is no side door around the policy layer.

Frontend: React 18 + TypeScript, responsive throughout, with the agent view mobile-tested.

Data residency: hosted in ap-southeast-1 (Singapore). If residency in this region matters to your compliance posture, it's already where your data lives.

We describe our posture as security-first architecture. We publish exactly what is tested and how — and we don't claim certifications we haven't obtained.

Architecture one-pager for your security review

A concise PDF covering the isolation model, access control, audit surface and hosting — written for InfoSec reviewers, not marketers.

We'll email the PDF and nothing else unless you ask.

Check your inbox

The architecture one-pager is on its way.