Sign inStart free
Trust & security

Your data, fenced and verified.

Ruwad Connect is a clean rebuild on Go and Postgres, with multi-tenant isolation enforced at the database layer. Security isn't a settings page here — it's the architecture.

Contact security

Row-level tenant isolation

Every company's rows are fenced by Postgres RLS. Each request is scoped to a single workspace, so one tenant's queries can never reach another's data — enforced in the database, not just the app.

Encrypted in transit & at rest

TLS everywhere on the wire; disk-level encryption for data at rest, including screenshots and uploads. Secrets are kept out of the codebase and rotated.

Modern credential handling

Passwords are hashed with argon2id. Sessions use short-lived access tokens with rotating refresh families and automatic reuse-detection that revokes a stolen lineage.

Least-privilege access

Granular roles per company gate every module and action. The platform-operator panel runs on a separate accent and separate privileges from tenant apps.

Durable, event-driven core

A transactional outbox guarantees cross-module updates happen exactly once. Nightly backups and reconciliation crons keep derived data honest.

Privacy by design

Monitoring is consent-gated on the device, screenshots can be blurred, and tenants can request export or deletion. Built to support GDPR-style workflows.

How isolation works

One database. Walls between every tenant.

When you act inside a company, Ruwad Connect scopes the connection to that workspace for the life of the request. Postgres row-level security then filters every table automatically — there is no code path that returns another company's row, because the database won't serve it.

  • Consent is captured on the desktop before any screenshot or activity is recorded.
  • Screenshot blur can be enforced org-wide for sensitive teams.
  • Audit logs record privileged and platform-level actions.
  • Per-company data export and tenant-deletion workflows.
  • Credentials and API tokens are shown once, then stored only as hashes.
  • Compliance freeze can lock a tenant's writes during an investigation.
Infrastructure
Compliance posture

Built toward the standards you'll ask about.

Ruwad Connect is engineered to support GDPR-style data-subject workflows today, with SOC 2-aligned controls on the roadmap. Need a security review, DPA or specific attestation for your procurement? Reach out and we'll walk you through where we are.

security@ruwadconnect.com