Access
Who can see what, decided by role
Permissions live on the server, not in the browser.
- Four roles — owner, admin, manager, employee — mapped to 88 individual permissions.
- Every sensitive action passes a permission check before it touches data; there is no client-side shortcut.
- Managers see their team's absences, not their documents; employees see themselves.
Isolation
Your company is an island
Multi-tenant security without the jargon.
- Every database query is filtered by your company. Not most — every one.
- Automated cross-tenant tests attack that boundary on every release and must fail to pass the build.
- Files carry the same wall: storage paths are company-scoped and links expire.
Foundation
Built on trusted rails
The stack underneath is boring on purpose.
- Identity by Clerk, database and storage by Supabase in Frankfurt, payments by Stripe, monitoring by Sentry.
- Server-side validation on every input; database constraints as the last line of defense.
- Every sensitive change lands in the audit trail — who, what, before, after.




