Security you can trust

Enterprise-grade security is not an add-on — it’s the foundation. Every feature is built on tenant isolation, encryption, and role-based access from day one.

Tenant Isolation

Every organization gets a fully isolated tenant. Data from Tenant A never reaches Tenant B, enforced at the database level via PostgreSQL Row-Level Security (RLS) policies. The Universal Tenant Model supports platform, MSP, individual, client, site, and prospect tenant types with hierarchical isolation.

Row-Level Security (RLS)

Supabase RLS is enforced at every layer: database, API middleware, and UI. All tenant-scoped tables include a tenant_id foreign key, and security-definer functions enforce access boundaries. No query can return data outside the caller's tenant scope.

Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). API keys, tokens, and secrets are managed through Doppler and never stored in code. OpenRouter sub-keys are scoped to minimum required permissions.

Role-Based Access Control (RBAC)

Ten standard roles span the full tenant hierarchy: Platform Admin, MSP Admin, MSP Tech, Client Admin, Client Viewer, Prospect, Individual Owner, Team Admin, Team Member, and Team Viewer. Roles are enforced at the data layer, API layer, and UI layer before any feature work begins.

Authentication

Multi-factor authentication (TOTP), email/password, Google/Microsoft/Apple SSO, Magic Link, and biometric login on native apps. All authentication flows route through the shared packages/auth layer backed by Supabase Auth.

SOC 2 Roadmap

Cavaridge is on the path to SOC 2 Type II certification. Current controls include audit logging via packages/audit, rate limiting and input validation via packages/security, tenant isolation enforcement, and secret rotation policies. Formal audit engagement is planned for 2026.

LLM Security

All LLM traffic routes through Spaniel, the internal gateway. No app-level API keys are permitted. The master OpenRouter key lives in Doppler only. Tenant context is passed via headers so models never see cross-tenant data. Request/response logging via Langfuse for compliance.

Data Portability

Your data is yours. Export everything in 4 formats: Cavaridge JSON, OpenAI-compatible, Markdown archive, or PDF compilation. Scoped exports by workspace, project, conversation, or memories. Explicit data portability pledge.

Questions about security?

Contact our team for a detailed security review or to discuss your compliance requirements.

Contact Sales