Built to be trusted

Reliability that earns a place in the stack.

Finance and operations teams don't want surprises. We treat uptime, audit trails, and data boundaries as the product — not as marketing bullets.

Built to be trusted

Reliability that earns a place in the stack.

Finance and operations teams don't want surprises. We treat uptime, audit trails, and data boundaries as the product — not as marketing bullets.

0.00%
Uptime, last 12 months
0 critical
Incidents last 90 days
<0h
Median RTO on restore drills

Multi-tenant architecture

Each company gets a logical boundary. Data never crosses tenants. Audited at every query.

Immutable audit logs

Every mutation is logged: who, what, when, from where. Exportable for auditors in one click.

Role-based permissions

Granular access across modules and actions. Segregation of duties — built in, not bolted on.

Disciplined migrations

Forward-only schema changes, signed-off per release. Rollback plans attached to every deploy.

Deploy discipline

Blue-green releases. Health checks before traffic cuts over. Canaries for customers on the edge.

Operational reliability

99.9% monthly uptime target. Status page, public incident history, and a three-person on-call rotation.

Compliance matrix

Exactly what's in place — and what isn't yet.

We'd rather be specific than reassuring. This matrix shows every control in plain language; if you don't see a checkmark, we haven't earned the right to claim it yet.

Control
Status
Detail
Tenant data isolation
In place
Row-level organizationId filter on every query; kernel guards refuse batches that straddle tenants.
Encryption in transit
In place
TLS 1.2+ on every customer endpoint. HTTPS-only cookies for authentication.
Encryption at rest
In place
Primary database volumes encrypted (provider-managed keys). Object-storage uploads encrypted server-side.
Immutable audit log
In place
Every create / submit / cancel / delete on financial documents is recorded with actor + before / after diff; admins cannot modify log rows.
Role-based access control
In place
Org-level roles (owner / admin / member) plus ERP roles for module-level permissions; invites scoped per organization.
Close-period posting guard
In place
FiscalPeriodSignoff freezes GL posting on or before periodEnd; schema-enforced, cannot be bypassed from the UI.
Database backups
In place
Daily automated backups with 30-day retention. Restore procedure documented and rehearsed.
Breach notification process
In place
72-hour notification to controllers per DPA. Incident runbook exists and is owned by the engineering lead.
SOC 2 Type II
In progress
Observation period underway with a third-party auditor. Attestation letter will be available on request when issued.
ISO 27001
Not yet
Not on the roadmap for this fiscal year. Evaluating in parallel with SOC 2 completion.
HIPAA
Not yet
Service is not designed for protected health information. We will not sign BAAs.
Third-party penetration test
In progress
First external engagement in scoping. Summary report will be shareable under NDA.

We won't publish a status we can't back up on request. Ask us for the relevant evidence.

Legal documents

The paperwork your counsel will want.

All six operative documents are published and versioned. When you sign up we record the exact version you accepted, with a SHA-256 hash of the text — so 'what I agreed to' is always provable.

Terms of Service
The master agreement: services, fees, AS-IS, liability cap, arbitration, data ownership.
Privacy Policy
What personal data we collect, why, how long we keep it, and your rights under PIPEDA / GDPR / CCPA.
Data Processing Addendum
GDPR Article 28 processor obligations, SCCs for cross-border transfers, breach notification timeline.
Subprocessor List
Every third-party that touches Customer Data — Hetzner, Resend, Anthropic, OpenAI, Stripe — with processing region.
Acceptable Use Policy
What you can and can't use the Service for. Binding on all accounts.
Cookie Policy
Strictly-necessary cookies only today. If that ever changes we'll ask for consent before setting anything new.
Security contact. Vendor risk questionnaires, SOC 2 evidence requests, and responsible-disclosure reports all go to [email protected]. We respond within two business days.