Security posture

GDPR Article 28 ready · CCPA Service Provider · SOC 2 Type I in progress

Ataski operates a single multi-tenant Postgres database with Row Level Security enforced at the database layer; an append-only audit log on every action; and per-tenant cost guardrails to contain damage from any single-credential compromise. This page is the procurement-ready summary — for the contract-binding surface, see the Data Processing Agreement.

Multi-tenancy

Every customer-data table carries a tenant_id column and a Postgres Row Level Security policy that filters every read and write to the bound tenant’s session variable. The application sets the variable from the authenticated principal at the start of every request; the database rejects any query that attempts to read or write outside the bound tenant, independent of application-layer correctness.

Defence-in-depth for surfaces that sit outside Postgres: the LiteLLM cache namespaces every prompt by a per-tenant salt so cache hits cannot cross tenants; durable workflow payloads are encrypted with per-tenant keys at the workflow boundary; and the R2 object store namespaces every key under tenants/<uuid>/… so a leaked URL cannot enumerate other tenants.

Audit log

Every LLM call, external API call, and data modification is written to a single append-only audit_log table keyed on (tenant_id, correlation_id). The table is locked at the database layer (REVOKE UPDATE, DELETE on the application role) — the only path to mutate audit history is direct administrative access by Ataski operations, which itself produces audit rows under a distinct actor_type="ops" marker.

Encryption

• At rest. Every customer credential (OAuth refresh token, API key, webhook secret) is wrapped with Fernet (AES-128 in CBC mode with HMAC-SHA-256 authentication) before being persisted as BYTEA. Per-tenant data encryption keys are on the roadmap; storage-layer encryption (AES-256) is provided by Neon for Postgres and by Cloudflare R2 for object storage today.
• In transit. TLS 1.3 is the minimum on every public endpoint and every outbound sub-processor call.

Access controls

Authentication is delegated to WorkOS (SSO, SAML, passwordless). Authorisation is role-gated at the route layer: high-stakes actions (board pack approval, monthly investor update send, outbound campaign launch) require a named role (founder or finance_lead) on the workspace.

Connector scopes

Every operator-connectable system runs against a documented set of provider-side scopes. The list below renders from our internal scope manifest — what you see is what the OAuth client (or equivalent credential) actually requests.

• Anthropic (Bring Your Own Key). Routes every Anthropic worker + supervisor LLM call through your own Anthropic API key (sk-ant-*). Ataski stores the key Fernet-encrypted at rest and reads it only through the LiteLLM gateway proxy at call time; no copy lives anywhere else. Anthropic invoices you directly; Ataski's invoice excludes LLM cost for any traffic routed through this key. Rotate or deactivate from /app/llm-keys at any time.
• HubSpot. Reads deals, contacts, and companies. Cannot create or modify any HubSpot record.
• NetSuite. Reads GL transactions, AR aging, AP aging, accrual snapshots, and subsidiary roster via NetSuite Token-Based Authentication (TBA) — an OAuth 1.0a-flavoured credential the customer generates inside their NetSuite UI (Setup → Users/Roles → Access Tokens). NetSuite does not offer OAuth 2.0 for SuiteTalk REST; the customer creates the Integration record + Access Token bound to a read-only NetSuite role of their choice, and Ataski only issues read queries against it. Cannot post journal entries, modify records, or close accounting periods.
• OpenAI (Bring Your Own Key). Routes every OpenAI supervisor + embedding call through your own OpenAI API key (sk-*). Ataski stores the key Fernet-encrypted at rest and reads it only through the LiteLLM gateway proxy at call time; no copy lives anywhere else. OpenAI invoices you directly; Ataski's invoice excludes LLM cost for any traffic routed through this key. Rotate or deactivate from /app/llm-keys at any time.
• QuickBooks Online. Reads chart of accounts, P&L, balance sheet, cash flow, invoices, customers, and vendors. Cannot write or modify any QuickBooks data.
• Recall.ai. Creates bots that join scheduled meetings and reads back their transcripts and engagement metadata. Write surface is limited to dispatching the bot; cannot mutate any calendar, video-conference, or meeting-host data.
• Sage Intacct. Reads GL accounts, journal entries, AR/AP, and trial balance via a customer-provisioned read-only Web Services user. Sage Intacct does not offer OAuth; the customer creates the WS user inside their Sage Intacct admin and supplies its credentials. Cannot post journal entries or modify any Sage Intacct data.
• Stripe. Reads subscriptions, invoices, customers, refunds, and payment intents via a customer-provided Restricted API key. Cannot create, modify, or refund charges.
• Xero. Reads the P&L, reports, invoices, and organisation settings via OAuth. Cannot create or modify any Xero data.

PII handling

Ataski operates as a CCPA Service Provider (Cal. Civ. Code §1798.140(ag)), not a data broker. Contact records stay in per-tenant RLS scope and are never aggregated across tenants; firmographic non-PII (company name, industry, public business records) may be cached across tenants for performance. We do not depend on email-finder data-broker vendors (Hunter, Apollo, Findymail, ZoomInfo, Coresignal); contact discovery uses public-source compose patterns. Per-recipient deletion within 45 days of request via /privacy/optout.

Sub-processors

The canonical sub-processor list is published at /legal/subprocessors and currently comprises 18 vendors. Sub-processor changes ship with 30 days’ prior notice via in-app banner and email to the workspace admin; Customer may object on reasonable grounds during that window.

Data Processing Agreement

The master DPA covers GDPR Article 28, UK GDPR, and CCPA Service Provider obligations: read it at /legal/dpa. The authenticated version at /app/legal/dpa fills the Controller fields from the workspace and supports electronic signature by the workspace founder or finance lead.

Incident response

Errors and exceptions are captured in Bugsink (hosted Sentry drop-in); the on-call rotation reviews incident severity within one hour of first signal. Status of operational endpoints is published on the public status page. For any incident involving Customer Data, we notify the affected Controller without undue delay and within 72 hours per GDPR Article 33.

Compliance posture

• GDPR Article 28 ready. Master DPA available for download and electronic signature; sub-processor list published and fingerprinted.
• CCPA Service Provider. Cal. Civ. Code §1798.140(ag) posture — no data-broker activity, per-tenant scope on all contact data, deletion endpoint published.
• SOC 2 Type I in progress. Audit scoping complete; observation period begins Q3 2026. Report will be available under NDA once issued.