We’ll show you the tenant filter.
Most SaaS security pages are PR. This one isn’t. We’ll tell you how the tenant filter actually works, where your data sits, what we do with AI prompts, and exactly which compliance certifications we have versus the ones we’re still working on.
Tenant isolation
Every tenant-owned row carries a TenantId column. An EF Core global query filter rewrites every SELECT to filter by it; a SaveChanges interceptor stamps it on every INSERT. Cross-tenant queries return 404 — never data.
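The pattern described above, as an added illustration that is not the product's own code: a hypothetical ITenantOwned marker, a hypothetical per-request ITenantContext and a sample Portfolio entity, wired to an EF Core global query filter and a SaveChangesInterceptor. Assumes EF Core 6+ with implicit usings.

```csharp
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Diagnostics;

// Hypothetical marker for tenant-owned rows and hypothetical per-request tenant source
// (assumptions for this example, not the product's real types).
public interface ITenantOwned { Guid TenantId { get; set; } }
public interface ITenantContext { Guid TenantId { get; } }
public sealed class Portfolio : ITenantOwned { public int Id { get; set; } public Guid TenantId { get; set; } }

public sealed class AppDbContext : DbContext
{
    private readonly Guid _tenantId;   // one DbContext per request, so one tenant per context

    public AppDbContext(DbContextOptions<AppDbContext> options, ITenantContext tenant)
        : base(options) => _tenantId = tenant.TenantId;

    public DbSet<Portfolio> Portfolios => Set<Portfolio>();

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        // Global query filter: EF Core appends "WHERE TenantId = @tenant" to every query over
        // Portfolio (LINQ, Include(), Find()). The instance field is parameterised at query time.
        modelBuilder.Entity<Portfolio>().HasQueryFilter(p => p.TenantId == _tenantId);
    }

    // Another tenant's id yields null here; the controller turns null into 404, never data.
    public Task<Portfolio?> GetPortfolioAsync(int id) => Portfolios.FirstOrDefaultAsync(p => p.Id == id);
}

// Stamps TenantId on every INSERT and refuses to let an UPDATE move a row between tenants.
public sealed class TenantStampInterceptor : SaveChangesInterceptor
{
    private readonly ITenantContext _tenant;
    public TenantStampInterceptor(ITenantContext tenant) => _tenant = tenant;

    public override ValueTask<InterceptionResult<int>> SavingChangesAsync(
        DbContextEventData eventData, InterceptionResult<int> result,
        CancellationToken cancellationToken = default)
    {
        foreach (var entry in eventData.Context!.ChangeTracker.Entries<ITenantOwned>())
        {
            if (entry.State == EntityState.Added)
                entry.Entity.TenantId = _tenant.TenantId;   // server value wins over anything the client sent
            else if (entry.State == EntityState.Modified &&
                     entry.Property(nameof(ITenantOwned.TenantId)).IsModified)
                throw new InvalidOperationException("TenantId is immutable.");
        }
        return base.SavingChangesAsync(eventData, result, cancellationToken);
    }
}
```

Register the interceptor with AddInterceptors() on the DbContext options, and override the synchronous SavingChanges as well if any code path calls SaveChanges() rather than SaveChangesAsync(), otherwise that path skips the stamp.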
Defence in depth
Role scoping is enforced at the service layer, on top of the controller's authorize attribute. A TeamMember calling GetPortfolioAsync() doesn't get filtered data — they get rejected.
Identity
Microsoft Entra ID multi-tenant (common authority), Google OIDC, and email magic-link. SAML on the Premium waitlist. Passwords stored as bcrypt with per-tenant pepper.
Encryption
TLS 1.2+ for everything in transit (TLS 1.3 by default). AES-256 at rest. Azure-managed keys; Customer-Managed Keys available on Premium for regulated tenants.
Data residency
Azure West Europe (Ireland) by default. UK South and US East available on Premium (waitlist while we provision secondary regions). Tenant row carries the region; routing via Azure Front Door.
GDPR by design
/api/gdpr/export returns a per-tenant JSON archive for Article 15 (right of access). /api/gdpr/erase honours Article 17 (erasure) within 30 days. Joint-controller agreement between UK/ES/PT entities published.
AI without compromise
Anthropic zero-retention API tier — prompts and completions deleted on receipt. Customer data never used to train any model. Tool calls are scoped to the caller's TenantContext and CompanyContext and can never bypass them.
Audit log
Every write tagged with TenantId, CompanyId, PlanId, Role and UPN. 30 days on Pro, unlimited on Premium. Immutable — append-only.
Access control
Role-based: Owner, Admin, EngagementManager, Finance, People, Member, ReadOnly. Custom roles on Premium. Invitation tokens are signed and single-use; sessions are JWT with 12h expiry and refresh rotation.
Vulnerability management
Dependabot + GitHub Advanced Security on every push. OWASP ZAP scan on every release candidate. Responsible-disclosure inbox security@alsviorglobal.com — 5-day acknowledgement, 30-day remediation target.
Backups & DR
Azure SQL point-in-time restore for 35 days. Long-term retention 1 year (Pro) / 7 years (Premium). Quarterly restore drill. RPO 5 minutes, RTO 4 hours.
Compliance roadmap
Cyber Essentials Plus targeted Q3 2026. SOC 2 Type I audit kicked off in month 4 of revenue. ISO 27001 in the 12-month plan. We publish progress, not promises.
Found a security issue? Tell us.
We commit to acknowledge any responsible report within 5 business days, and to ship a remediation timeline within 30 days where practicable. We will not take legal action against good-faith researchers who follow this policy.
security@alsviorglobal.com
Where we publish.
- Live status & incidents: status.alsviorems.com — uptime per service, incident timeline
- Trust centre: Sub-processors, certifications, audit reports, DPIA
- Sub-processor list: Every vendor that touches Customer Data, with transfer mechanisms
- Data Processing Agreement: Article 28 GDPR DPA, signed by the entity that bills you
- Service Level Agreement: 99.9% on Premium, with credits
- AI Transparency Notice: AI Act Article 50 disclosure · no-training commitment
Ready when you are
Sign up in 30 seconds. See your margin in five.
Three people, one active engagement, all the features. Forever free — no credit card needed. Upgrade when the team grows.
— Magic-link sign-in · No card · Cancel anytime
