Security

Security you can actually trust.

Tenant data is sensitive. We treat it that way. Encryption, access control, audit logs, and compliance-ready infrastructure — built in from day one.

TLS 1.3 • AES-256 Encryption • MFA Support • RBAC • Audit Logs • GDPR-Aware • SOC 2-Ready Infrastructure

Security Pillars

How we protect your data

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Sensitive fields are never stored in plaintext.

  • TLS 1.3 on all API and web traffic
  • AES-256 encryption at rest
  • Database credentials rotated automatically
  • No sensitive data in logs

Role-Based Access Control

Every action in the platform is gated by a permission system. Tenants can only see their own data. Managers can only access their own organization.

  • Roles: Super Admin, Org Admin, Manager, Staff, Tenant
  • Per-resource permission checks on every API call
  • Org-scoped data isolation — no cross-tenant leakage
  • Tenant portal access can be revoked instantly

Audit Logging

Every create, update, delete, and status change is logged with a timestamp, actor, and before/after snapshot.

  • Full audit trail for all data operations
  • Who approved which AI draft, and when
  • Immutable log entries
  • Exportable for compliance review

Authentication

Authentication is handled by Clerk — a dedicated auth platform with multi-factor authentication, session management, and organization-level controls.

  • MFA support for all users
  • Organization-level role assignment
  • Session expiry and revocation
  • Webhook-verified user sync

Infrastructure

Deployed on Vercel with serverless architecture. Database hosted on managed Postgres with daily backups and point-in-time recovery.

  • Serverless compute — no persistent attack surface
  • Managed database with automated backups
  • Environment variable isolation per deployment
  • No customer data stored client-side

Compliance Readiness

myTenancy.ai is designed with compliance in mind. Audit trails, data retention controls, and privacy tooling support your compliance requirements.

  • GDPR-aware data handling
  • Right-to-deletion support
  • Privacy Policy and Terms of Service enforced at signup
  • Vendor DPA available on request

Have specific security requirements?

We're happy to walk through our security posture, provide a DPA, or answer detailed compliance questions.