Security at Quikori

Postgres Row-Level Security (RLS) is enforced on every table that carries a tenant_id column.

Each request sets app.current_tenant per transaction (SET LOCAL) and resets at commit. Cross-tenant reads are denied at the database layer, not the application layer.

Data at rest: AES-256 on the database tier. API keys and access tokens are envelope-encrypted with a separate KMS-managed key before write.

Data in transit: TLS 1.2+ everywhere. No plaintext fallbacks.

Supabase Auth with JWT. Custom claims distinguish SuperAdmin from Tenant roles. Tenant session tokens carry the tenant_id claim used by the RLS rebind.

SuperAdmin tenant CRUD, billing events, and authentication events are logged with actor, timestamp, and source IP.

Tenant-scoped audit logs are visible in the dashboard on Professional Team and above.

Least-privilege access. Role separation between SuperAdmin, Tenant Admin, and Tenant Member.

Production access goes through a separate, audited bastion. Environment variables are the only configuration surface (no in-app secrets).

GDPR + KVKK aligned. Lawful-basis copy and data-subject rights (export, deletion) are exposed directly in the dashboard.

SOC 2 Type II and ISO 27001 are on our roadmap. Current controls map to SOC 2 Common Criteria and ISO 27001 Annex A controls.

Report a vulnerability to [email protected]. We acknowledge within 48 hours and triage within 5 business days.

A signed security report is available under NDA on request.