Security and compliance.

Strict isolation, legal retention, certifications in progress — built for a demanding B2B market.

Strict tenant isolation

Every tenant gets its own dedicated PostgreSQL database. No shared tenant_id, no cross-tenant leak risk. Audit automated in CI.

10-year retention

Signed reports have legal value and are kept for at least 10 years per applicable business-record regulations. This retention obligation is the GDPR legal basis for keeping them.

GDPR compliance

EU hosting, DPA signed with every tenant, right to erasure applied to peripheral data (not to signed reports — legally retained).

152-FZ compliance (Russia)

Russian tenants are hosted entirely in Russia (Moscow VPS), in line with federal law 152-FZ on personal data.

Roskomnadzor certification (in progress)

Targeted to unlock access to Russian government and public-sector bodies. Certified status after official audit.

End-to-end encryption

TLS 1.3 in transit, encryption at rest for PDFs and S3 photos. Keys managed per region (EU and RU kept separate).

Full audit trail

Every sensitive action (login, export, super-admin impersonation, branding change) is logged and visible to the tenant admin.

Business continuity plan

Daily backups, restore tested monthly, incident runbook documented. Real-time alerts to the Altekk team.