Security
Designed for multi-tenant SaaS from day one
Every query is scoped. Every job is tenant-safe. Every event is logged.
Core controls
- Tenant isolation on every table and query
- Role-based permissions (admin / user)
- Tenant-safe background jobs and schedulers
- Billing and usage audit trails
- Webhook signature verification and idempotency
- JWT session cookies with short expiry
- Password hashing with bcrypt
Roadmap (Enterprise)
- Audit log (immutable event stream)
- SAML SSO
- SOC 2 readiness
- Optional Postgres RLS tier