Security at the core
Tenancy, access, encryption, and audit are first-class platform concerns — not bolted-on features.
Security controls
Multi-tenant isolation
Every business table carries tenant_id and (where applicable) franchisee_id. Row-Level Security enforces isolation on every read and write.
RBAC + MFA
Roles live in a dedicated user_roles table behind a has_role() security-definer function. TOTP MFA is supported for every user.
Encryption
TLS 1.2+ in transit. AES-256 at rest. Secrets stored in a managed secret store, never in code.
Audit logging
Sensitive actions are written to an immutable audit_log with who/what/where/when.
Vulnerability management
Continuous dependency scanning, periodic penetration testing, and a private disclosure channel for security researchers.
Data residency & backups
Single-region by default with daily backups and point-in-time recovery. Multi-region available for Enterprise.
Infrastructure
Hosted on hardened cloud infrastructure with network isolation, least-privilege IAM, and managed Postgres.
Responsible AI
No tenant data is used to train third-party models. AI features are opt-in per tenant.
Related Franexis pages
- Franexis overview — multi-tenant franchise operations platform.
- Product tour — modules, tenancy model, and integrations.
- Features — CRM, royalties, audits, field service, reporting.
- Pricing — per-brand plans with security included on every tier.
- Franchise compliance — how audits and document tracking work.
- Privacy policy — what data we process and how.
- Book a security-focused demo — review controls against your requirements.
- TetraCore support — for security questions and incident response.