Security as a first principle,
not an afterthought.
Four layers of defense protect every request. Database-enforced tenant isolation means no query, no matter how poorly written, can leak data across tenants.
Defense in depth
Every API request passes through four security layers before touching data.
Core security controls
Row-Level Security (RLS)
PostgreSQL RLS enforces tenant isolation at the database level. Every table has a mandatory policy filtering by current_setting('app.current_tenant_id').
ALTER TABLE consents ENABLE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON consents
USING (tenant_id = current_setting('app.current_tenant_id')::uuid);
Hash-Chained Audit Trail
Every event is cryptographically linked via SHA-256. Tampering with any historical event invalidates all subsequent hashes. Append-only enforcement via PostgreSQL RULES prevents even DBAs from altering history.
event_hash = SHA-256(
tenant_id + event_type + entity_id
+ JSON(payload) + previous_hash
+ created_at
)
AES-256-GCM Encryption
All sensitive data is encrypted at rest. Connector credentials use AWS KMS envelope encryption: the data encryption key is itself encrypted by a master key. Keys are rotatable without re-encrypting existing data.
HMAC-SHA256 Webhook Signing
Every outbound webhook is signed with a per-subscription secret. A 5-minute timestamp window provides replay protection, and constant-time signature comparison prevents timing attacks.
Infrastructure hardening
Non-Root Containers
All services run as non-root users with minimal privileges and read-only filesystems.
HSTS + CSP Headers
Strict Transport Security, Content Security Policy, X-Frame-Options on every response.
Rate Limiting
Redis-backed per-tenant quotas. 10,000 req/min for consent checks, 1,000 for mutations.
Idempotency Keys
24-hour Redis-backed deduplication on all POST/PUT/PATCH via Idempotency-Key header.
Structured Logging
Pino JSON logging with request-ID correlation. No PII in logs. Audit-grade log retention.
Zero-Downtime Deploy
Graceful SIGTERM shutdown. Active requests complete before process exit. Rolling updates.
Encrypted Backups
Automated daily backups with AES-256 encryption. Point-in-time recovery within 7 days.
Connection Pooling
PgBouncer connection pooling with configurable sizes. Health monitoring and auto-recovery.
Role-Based Access Control
Five predefined roles with 100+ granular permissions. Every team member gets exactly the access they need.
Full access to all 13 modules, settings, analytics, and audit trail. Can approve responses and sign certificates.
Create and manage consents, grievances, and risks. Cannot change settings or approve final responses.
Review and approve DSAR responses, assessment approvals, erasure jobs, and legal hold decisions.
Manage integrations, webhooks, API keys, and user accounts. No access to compliance data content.
View-only access to all data, audit trail, and analytics. Cannot modify anything. Can export audit logs.
Compliance & certifications
DPDPA Ready
Full compliance toolkit with 90-day DSAR SLA, DPB escalation, and support for 8 Indian languages.
GDPR Art. 30 Compliant
Complete ROPA, DPIA workflows, DPO tools, and cross-border transfer safeguards with SCCs.
CCPA / CPRA Ready
Consumer rights automation with 45-day SLA tracking, GPC signal enforcement, and opt-out management.
ISO 31000 Framework
Risk management with 5x5 heat maps, treatment plans, and auto-computed risk scores.
SOC 2 Type II
Security controls audit in progress. Trust center documentation available on request.
Penetration Tested
Regular third-party security assessments with full remediation tracking and reporting.
Need our security whitepaper?
Detailed documentation of our security architecture, threat model, and compliance controls. Available for enterprise prospects.