Security at Et'al
Your data is the foundation of your business. We treat its protection as a first-class responsibility -- not an afterthought.
How we protect your data
Encryption at Rest & in Transit
All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Your information is protected whether it is stored or moving between systems.
Row-Level Security
Every database query is enforced by PostgreSQL Row-Level Security policies. Tenant data is isolated at the database layer -- no application-level workarounds.
SOC 2 Compliance
Our infrastructure and processes are aligned with SOC 2 Type II standards, covering security, availability, and confidentiality of your data.
Authentication & SSO
Support for multi-factor authentication, magic links, and enterprise SSO via SAML and OpenID Connect. Role-based access controls limit who sees what.
Cloud Infrastructure
Hosted on modern cloud infrastructure with managed PostgreSQL, automatic backups, point-in-time recovery, and geographic redundancy.
99.9% Uptime SLA
We commit to 99.9% availability backed by our service-level agreement. Proactive monitoring and automated failover keep your business running.
Security practices
Ongoing measures that keep your environment secure
Regular Penetration Testing
Third-party security assessments on a recurring schedule.
Automated Dependency Scanning
Continuous monitoring of open-source dependencies for known vulnerabilities.
Audit Logging
Comprehensive logs of authentication events and data access for compliance and forensics.
Data Backups
Automated daily backups with point-in-time recovery up to 30 days.
Multi-tenant isolation
et'al is built on Supabase with PostgreSQL Row-Level Security (RLS) policies enforced at the database layer. Every query is scoped to the authenticated tenant -- there is no shared access between organizations. This means even in the unlikely event of an application-level bug, the database itself prevents cross-tenant data leaks.
Responsible disclosure
We value the security research community and welcome responsible disclosure of vulnerabilities. If you discover a security issue, please report it to us privately so we can address it before public disclosure.
Contact us at security@etalcrm.com. We aim to acknowledge reports within 24 hours and provide a resolution timeline within 72 hours.
Have security questions?
Our team is happy to discuss our security practices, provide documentation, or complete your vendor security questionnaire.