Security

Your guests' data is a liability we take seriously

Multi-tenant platforms live or die on isolation. TELLIIANO enforces it in the database itself — every query, every table, every file — and treats the application layer as a second line of defense, not the first.

Tenant isolation at the database

Every row of your data carries your organization's identity, and PostgreSQL row-level security policies enforce isolation on every query — independent of application code.

Server-side authorization

Every action is checked against your role and permissions on the server. The browser is never trusted with authorization decisions.

Encrypted in transit and at rest

All traffic is TLS-encrypted. Data at rest is encrypted by our infrastructure providers (Supabase / AWS).

Append-only audit trail

Security-relevant actions — logins, role changes, exports, configuration changes — are recorded in an audit log that cannot be edited or deleted, even by administrators.

AI guardrails

Assistants only see their own organization's knowledge. Uploaded documents are treated as data, never as instructions, and retrieval is filtered by tenant before ranking.

Least-privilege secrets

Integration credentials are stored encrypted and never exposed to the browser. Service credentials never leave the server.

A note on compliance

TELLIIANO is architected to support GDPR and CCPA-related requests (data export, deletion, consent tracking) and to keep card data out of scope by processing payments through Stripe. We do not claim certifications we have not earned: formal compliance for your business requires legal, operational, and security review on your side as well as ours. Ask us for our current security documentation.