Access & governance

Security and access control your compliance team will actually like

RBAC v2 with 149 atomic permissions, PostgreSQL row-level security, AES-256-GCM field encryption, and continuous SOC 2 monitoring, all built in, not added on.

Governance dashboard: RBAC roles, audit log tiles, SOC 2 score

  • 184 atomic permissions
  • 20 system roles
  • 94 RLS-protected tables
  • AES-256-GCM field encryption

RBAC v2 with 20 system roles

  • 184 atomic permissions across 15 categories (tenant, survey, billing, analytics, governance, and more)
  • 20 system roles across platform, tenant, survey, and API scopes
  • Build custom roles by composing permissions, no code required
  • Redis-cached for sub-millisecond permission checks under load
Role editor: permission tree with search and preview

Row-level security at the database

  • 94 tenant-scoped tables protected by PostgreSQL RLS policies
  • Tenant isolation enforced at the storage layer, not just the app
  • SUPER_ADMIN bypass for support operations when explicitly needed
  • Defence in depth: even an app-layer bug can't leak cross-tenant data
Security dashboard: RLS policy status per table

Field-level PII encryption

  • AES-256-GCM authenticated encryption for emails, names, phone numbers, free-text answers
  • Automatic via Prisma extension: developers can't accidentally write plain text
  • Key rotation is versioned; old keys decrypt historical rows
  • Deterministic hashing enables search without decrypting
Encryption panel: key rotation and compliance score

Compliance you can actually demonstrate

  • GDPR tooling: Articles 7 (consent), 15 (access), 17 (erasure), 30 (records), and 33 (breach notification)
  • SOC 2 Type II monitoring: MFA enrollment, password policy, access control, audit retention
  • DPA breach-notification automation with 72-hour deadline tracking
  • Advanced audit logging: who changed what, when, before/after
Compliance dashboard: SOC 2 checks with scores and recommendations

How it works

The typical flow from setup to output.

1. Start with a role template

Use a built-in role (admin, program manager, analyst, viewer) or compose your own from atomic permissions.

2. Layer in scope

Scope roles per tenant, per survey, or for API access. A program manager for EMEA is one dropdown away.

3. Audit continuously

Every permission check and every data change is logged. Export the trail anytime.

Bring your security questionnaire

We'll pre-fill the answers with links to the live capabilities. Your compliance team gets a shorter path to sign-off.
