Security & Trust

Data stored in the EU (PostgreSQL on European servers)

No data sharing between tenants (RLS + application-level isolation)

Data encrypted at rest and in transit

Right to deletion (RGPD Article 17)

Data Processing Agreement available on request

Multi-tenant isolation with PostgreSQL Row Level Security

Read-only access to Microsoft 365 (no write permissions)

JWT authentication with refresh token rotation

Rate limiting and CORS protection

Zero npm vulnerabilities

Microsoft SSO (OAuth2/OIDC)

MFA support

Role-based access control (MSP Admin, Owner, Member)

Session management with one-time-use refresh tokens

RGPD compliant

Microsoft Graph API best practices

Read-only application permissions

Audit trail for all actions