Built so security review takes one meeting, not three.
Multi-tenant by design. Encrypted at rest. EU-hosted. GDPR-aligned. AI prompts scoped per request and never persisted by the model provider. Formal certifications are on the roadmap; we'll share reports as they land.
Eight things your security team will ask, answered.
Tenant isolation by design
Multi-tenant Postgres with row-level security on every table. Every query scoped by company_id. Cross-tenant data flows are impossible at the database layer, not just the application.
Credentials encrypted at rest
ERP API keys and integration secrets are AES-256-GCM encrypted with per-tenant keys. Lose them and they cannot be recovered — by us or by anyone.
EU-hosted by default
European customers run on EU-region infrastructure as the default. Pick your region; data residency follows.
GDPR aligned
Data processing agreement on request. DSAR (data subject access request) handling within 30 days. Right to erasure honoured at the row level.
Compliance, on the roadmap
We're early. We don't claim certifications we don't yet have. Formal compliance audits are on the roadmap; we'll share reports as they land. Until then, we send our security questionnaire and architecture diagram on request.
Audit log
User actions, role changes, integration credential changes — all logged with actor, target and reason where applicable. Exportable for your own compliance use.
AI-safe by construction
Claude prompts scoped per request. Your data is never used to train shared models. Anthropic does not persist Stokk prompt traffic.
Backups & DR
Point-in-time recovery on Postgres. Cross-region backup. Recovery time objective measured in minutes for control-plane and hours for data-plane.
Independent security review available on request.
We send a current security questionnaire response, our DPA, and an architecture diagram on request. Talk to your account contact or email security@stokkflow.com.
Ready when your security team is.
Two-week onboarding includes a security review meeting if you want one.