Workspaces, isolated at the database.
Klereti is engineered on Supabase with Postgres row-level security — every query is gated against your active workspace membership before a single row is returned. Security is at the data layer, not the UI.
How we protect workspace data.
Four layers of control — built into the data layer, not the frontend.
Authentication
Supabase Auth issues short-lived JWTs. Every request is validated against the user's active membership before any data query executes.
Row-level isolation
Every table is policy-restricted with Postgres RLS. A query from Workspace A can never return rows from Workspace B — enforced at the database, not the app.
Workspace memberships
Users see only the workspaces they belong to. Roles (Owner, Admin, Member) gate every page, action, and module setting.
Audit trail
Workspace admin events — members added, modules toggled, settings updated — are logged for accountability and compliance review.
What's active. What's planned.
We don't claim controls we haven't shipped. Here's the honest picture.
Enforced at the schema level. A query from Workspace A can never return rows from Workspace B.
API keys, secrets, and credentials encrypted in transit and stored inside tenant tables.
Owner / Admin / Member roles, with a full activity log per workspace.
Mapping controls to SOC 2 internally; targeting Q1 2027 for external audit readiness.
Okta, Microsoft Entra, custom SAML — targeting Q4 2026.
Enterprise option for funds and holdcos needing isolated infrastructure.
Built on Supabase, Postgres, and Vercel — with row-level enforcement on every table.
Auth via Supabase. Database isolation via Postgres RLS policies. Deploys on Vercel with edge runtime where applicable. All operational metadata stays inside your workspace partition.
Need a deeper review?
We'll walk you through our database policies, audit trail design, and roadmap. Email security@klereti.com or open the contact form.