Trust & security

Security isn't a feature. It's the default.

Governed Mode is built for production from the first line — tenant isolation, human sign-off, full traceability and code you own. Here's how we keep your data and your software safe.

SOC 2 in progress | Tenant-isolated | Audit logs by default | You own the code

How we protect you

Controls built into the platform, not bolted on.

The safeguards procurement and security teams check for are part of how Dual7 works.

Tenant isolation by default

Schema-per-tenant Postgres with row-level security and RBAC, built in from the start. One tenant can never read another's data — isolation isn't a setting you remember to turn on.

Human sign-off gates

Nothing reaches production without approval. Scope, migrations and security each carry a checkpoint a person signs.

A dedicated Security agent

Every certified change is audited for authz, validation and exposure before it can ship.

Audit logs on by default

Who changed what, when, and who approved it — recorded automatically, no setup.

Full traceability

Every line traces to a requirement and a sign-off. Auditors get a graph, not a guess.

Secret hygiene

Credentials are stored and injected correctly — never hard-coded into your app or logs.

Encryption in transit & at rest

Data is encrypted over TLS and at rest, with scoped access to production systems.

You own the code — so you can verify it

Export the full React, Node and Postgres repository and run your own security review. No proprietary runtime means nothing is hidden from your team.

Compliance & posture

Where we stand today.

We're specific about what's live, what's in progress, and what's available on request — no vague promises.

SOC 2 Type II

Controls and evidence collection underway with our auditor.

In progress

Tenant isolation

Schema-per-tenant + row-level security across every workspace.

Live

Audit logging

Immutable change and approval logs, enabled by default.

Live

SSO / SAML & SCIM

Enterprise identity and provisioning on Business and Enterprise.

Available

Self-host / private cloud

Run Dual7-built apps inside your own VPC or data center.

Available

Security review support

We support your vendor assessment and questionnaires.

Available

Need our security documentation, a DPA, or to report a vulnerability? Email security@dual7.ai — or book a demo to walk through it with us.

Build once. Own forever.

Vibe-code at full speed. Certify the features that ship. Same project, no rebuild.