Security

Security architecture, compliance certifications, and data protection measures.

Overview

Security is foundational. Multi-tenant data isolation is enforced at the database level with PostgreSQL Row-Level Security (RLS) rather than in application code. All data is encrypted at rest and in transit.

  • 429 tables with RLS
  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • SOC 2 certified

Multi-Tenant Isolation

Every database query is automatically filtered by company_id. The filtering is enforced by PostgreSQL Row-Level Security policies on the tables themselves, not by WHERE clauses written in application code.

Zero Data Leakage

Company A cannot access Company B's data. The tenant context is attached to the database session (derived from the authenticated JWT) rather than to the query text, so even raw SQL queries are filtered by the RLS policies against that context.

Implementation

  • All 429 tables include a company_id column
  • RLS policies enforce the company_id filter at the database level, for reads and writes
  • JWT tokens carry the company context that is applied to the database session
  • All API endpoints inherit tenant filtering from the database layer
  • Audit logs record cross-tenant access attempts
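The following PostgreSQL snippet is an added illustration of the mechanism described above; it is not SolidNumber's schema or code. It assumes one tenant-scoped table (tenant_docs), an application role (app_rw) and a custom setting name (app.company_id). The API layer verifies the JWT, copies its company claim into a transaction-local setting, and a forced RLS policy filters every read and write against it. Two things matter for the isolation claim and are easy to miss: PostgreSQL exempts superusers, roles with BYPASSRLS and (unless FORCE is set) the table owner from RLS, and a missing tenant setting must fail closed rather than open. The block ends with the two catalog checks a reviewer would run to confirm both.

```sql
-- Added example, not SolidNumber's schema. Assumed names: table tenant_docs,
-- application role app_rw, custom setting app.company_id.

CREATE TABLE tenant_docs (
    id         bigserial PRIMARY KEY,
    company_id uuid NOT NULL,
    body       text NOT NULL
);

-- The application connects as a role that does not own the table, is not a
-- superuser and has no BYPASSRLS; such roles are exempt from RLS by design.
CREATE ROLE app_rw LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON tenant_docs TO app_rw;
GRANT USAGE, SELECT ON SEQUENCE tenant_docs_id_seq TO app_rw;

-- ENABLE turns RLS on; FORCE makes it apply to the table owner as well, so an
-- owner-privileged maintenance connection is filtered too.
ALTER TABLE tenant_docs ENABLE ROW LEVEL SECURITY;
ALTER TABLE tenant_docs FORCE ROW LEVEL SECURITY;

-- One policy covers reads (USING) and writes (WITH CHECK). The tenant comes
-- from a transaction-local setting, not from the query text, so a query with
-- no WHERE clause is still confined to the caller's company. NULLIF handles
-- the setting being absent or reset to '': the comparison becomes NULL and
-- the policy fails closed (no rows, no writes) instead of raising a cast
-- error or matching everything.
CREATE POLICY tenant_isolation ON tenant_docs
    FOR ALL TO app_rw
    USING (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid)
    WITH CHECK (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid);

-- Run the rest as the application role; a superuser session would bypass RLS.
SET ROLE app_rw;

-- Per request: after verifying the JWT signature and expiry, the API layer
-- copies the token's company claim into the transaction. set_config with
-- is_local = true scopes it to this transaction, so a pooled connection
-- carries no tenant context into the next request.
BEGIN;
SELECT set_config('app.company_id', '11111111-1111-4111-8111-111111111111', true);
INSERT INTO tenant_docs (company_id, body)
    VALUES ('11111111-1111-4111-8111-111111111111', 'visible only to company A');
COMMIT;

BEGIN;
SELECT set_config('app.company_id', '22222222-2222-4222-8222-222222222222', true);
-- Returns zero rows: company A's row is filtered out although the query
-- itself asks for everything.
SELECT id, body FROM tenant_docs;
-- Rejected with "new row violates row-level security policy": WITH CHECK
-- refuses a row stamped with another tenant's company_id.
INSERT INTO tenant_docs (company_id, body)
    VALUES ('11111111-1111-4111-8111-111111111111', 'smuggled into company A');
ROLLBACK;

-- Outside a transaction that set the context, the same query returns nothing:
-- a missing tenant setting fails closed rather than open.
SELECT count(*) FROM tenant_docs;

-- Check 1: every table that carries a company_id column has RLS enabled AND
-- forced. Any row returned here is a table the isolation claim does not cover.
SELECT n.nspname, c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND EXISTS (SELECT 1 FROM pg_attribute a
              WHERE a.attrelid = c.oid AND a.attname = 'company_id'
                AND NOT a.attisdropped)
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Check 2: no role the application could connect as is exempt from RLS.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;

RESET ROLE;
```

Two design choices are worth calling out. set_config(..., true) (or SET LOCAL) is used instead of a session-level SET so that the tenant context dies with the transaction; with a connection pool, a session-level setting left behind by one request would otherwise be inherited by the next. And the company_id written on INSERT is still validated by WITH CHECK against the context, so a client cannot escape isolation by supplying a different tenant's id in the row body.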

Compliance

SOC 2 Type II

Annual audits for security, availability, and confidentiality controls.

HIPAA

BAA available. PHI protection for healthcare customers.

PCI DSS Level 1

Card tokenization. No card data stored on our servers.

GDPR

Data portability, right to deletion, consent management.

Security Features

Data Protection

Multi-Tenant Isolation

Every query is filtered by company_id through row-level security (RLS) policies on all 429 tables.

company_id filtering · RLS policies · No data leakage · Audit logging

Data Encryption

AES-256 encryption at rest, TLS 1.3 in transit, encrypted backups.

AES-256 · TLS 1.3 · Encrypted backups · Key rotation

Compliance

HIPAA Compliance

Full HIPAA compliance for healthcare data with BAA support.

PHI protection · BAA available · Audit trails · Access controls

GDPR Compliance

GDPR-compliant data handling with right to deletion.

Data portability · Right to deletion · Consent management · DPO support

PCI DSS Compliance

PCI DSS Level 1 compliant payment processing.

Card tokenization · No card storage · Secure transmission · Regular audits

SOC 2 Type II

SOC 2 Type II certified for enterprise security requirements.

Annual audits · Security controls · Availability · Confidentiality

Access Control

Authentication

JWT tokens, MFA, SSO, and role-based access control.

JWT tokens · MFA support · SSO/SAML · RBAC

API Security

Rate limiting, API key management, and request signing.

Rate limiting · API keys · Request signing · IP allowlisting

AI Security

PromptGuard

AI prompt injection prevention and content filtering.

Injection prevention · Content filtering · PII detection · Jailbreak prevention

CognitiveLimiter

AI cost control with per-company token limits and budgets.

Token limits · Budget caps · Usage tracking · Auto-throttling

Security Questions?

Contact security@solidnumber.com for BAA requests, security questionnaires, or penetration test coordination.

SolidNumber — AI Business Infrastructure | Solid#