Security & Compliance

We use tenant scoping, least-privilege permissions, and role-based access to protect data. All data in transit is encrypted with TLS; at rest encryption is supported by the underlying database. Audit logs record important actions.

• Multi-tenant isolation via tenantId guards
• Role-based access: owner, admin, manager, employee
• Access reviews and audit trail