Security & data isolation

Multi-tenancy and PII handling are built into the architecture from day one.

Per-agency row-level isolation

Tenants are resolved by domain and isolated at the row level. One agency's data is never visible to another.

Encrypted in transit

All traffic is TLS-encrypted end to end. At-rest field encryption is on our roadmap.

Role-based access

Staff see only their own agency's data — and, where scoped, only their own clients.

Export & deletion

Client data can be exported and deleted, in line with our privacy commitments.

Bot & abuse protection

Intake and recovery are protected by human-verification challenges and rate limiting.

Book a demo