How we keep your data safe.

A plain account of our security posture. We don't claim certifications we don't have. We explain what we do and where the gaps are.

Data isolation

Every workspace runs in a single Postgres database with schema-level isolation and row-level security (RLS) on every table. Your workspace's data is never in a shared row pool with another customer's data. Every query is filtered by your organization ID before it touches the database — enforced at the database level, not just in application code.

The implementation uses Supabase's RLS pattern with a custom has_org_role(auth.uid(), org_id, role) function. Every INSERT, UPDATE, and DELETE is subject to the same policy.
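
The sketch below shows what this pattern looks like in Postgres. It is an added illustration, not TableWork's actual schema or policy code. The org_members and appointments tables, their columns, the role names and their ranking, and the body of has_org_role are assumptions; only the function's signature, auth.uid() and Supabase's authenticated role are taken as given.

```sql
-- Illustrative only: table, column and role names are assumptions.
-- auth.uid() and the "authenticated" role are provided by Supabase.
create table org_members (
  org_id  uuid not null,
  user_id uuid not null,
  role    text not null check (role in ('member', 'admin', 'owner')),
  primary key (org_id, user_id)
);

create table appointments (
  id        uuid primary key default gen_random_uuid(),
  org_id    uuid not null,
  starts_at timestamptz not null
);

-- Hypothetical body for has_org_role: true when the user holds at least
-- min_role in the organization. SECURITY DEFINER runs the membership lookup
-- with the function owner's rights rather than the caller's; pinning
-- search_path keeps a caller from shadowing the objects it references.
create function has_org_role(uid uuid, org uuid, min_role text)
returns boolean
language sql stable security definer
set search_path = public, pg_temp
as $$
  select exists (
    select 1
    from org_members m
    where m.user_id = uid
      and m.org_id = org
      and array_position(array['member', 'admin', 'owner'], m.role)
          >= array_position(array['member', 'admin', 'owner'], min_role)
  );
$$;

alter table appointments enable row level security;
alter table appointments force row level security;  -- table owner is not exempt

-- USING filters the rows a statement can see or target (SELECT, UPDATE, DELETE).
-- WITH CHECK rejects rows written with another organization's id (INSERT, UPDATE).
create policy appointments_org_isolation on appointments
  for all to authenticated
  using      (has_org_role(auth.uid(), org_id, 'member'))
  with check (has_org_role(auth.uid(), org_id, 'member'));

-- Coverage check: lists any table in the schema without RLS enabled and forced.
select c.relname
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r'
  and not (c.relrowsecurity and c.relforcerowsecurity);
```

The final query is the kind of check that backs an "RLS on every table" claim: it should return no rows.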

Authentication

TableWork supports multi-factor authentication via TOTP (authenticator apps) and WebAuthn passkeys. Recovery codes are provided at MFA enrollment. We recommend all workspace owners enable MFA.

OAuth sign-in is available via Google and Microsoft. We do not store your OAuth provider password. SSO via SAML 2.0 is available on Enterprise plans.

Step-up authentication is required for sensitive actions: deleting a workspace, exporting all data, and accessing billing history. These actions require a fresh authentication event regardless of session age.

Encryption

All data in transit is encrypted via TLS 1.2 or higher. Cloudflare terminates TLS at the edge and re-encrypts traffic to the origin server.

Sensitive database columns (API keys, webhook secrets, integration tokens) are encrypted at the application layer using AES-256-GCM before storage. Encryption keys are stored in a separate secrets manager, not in the database.

Database backups are encrypted before transfer to R2 object storage.

Backups and recovery

We run continuous WAL archiving to R2. Daily full-database dumps are retained for 30 days. Weekly dumps are retained for 90 days. Monthly dumps are retained for 12 months.

Restore tests run weekly in a sandboxed environment. Point-in-time recovery is possible to within 5 minutes for the 30-day window.

Audit logging

Every state change in your workspace — appointment created, invoice sent, customer record updated, user added — generates an audit log entry with the actor, timestamp, old value, and new value. Audit logs are available to workspace owners in Settings → Audit log.

Admin actions (Sovyren staff accessing customer data for support) are logged with a justification field and are visible to workspace owners in the same log.

Sub-processors

We use a limited set of sub-processors to run TableWork. The full list is published at /legal/sub-processors. We update the list within 30 days of any change and send 30-day advance notice to workspace owners when adding a new sub-processor that touches customer data.

Compliance posture

TableWork is GDPR-aligned. We provide a Data Processing Addendum (DPA) to Enterprise customers. Non-enterprise workspaces are covered by our standard privacy policy. Data subject access requests, deletion requests, and portability exports are handled through contact@sovyren.com within 30 days.

We are CCPA-aligned for California residents. We do not sell personal information. We do not use personal information for behavioral advertising.

We do not have SOC 2 Type II certification. We plan to pursue it as we grow; no committed date yet. We do not claim HIPAA compliance. TableWork is not designed or validated for health information covered by HIPAA. If your business handles protected health information, do not use TableWork for that data until we complete a HIPAA BAA program, which is not currently in scope.

Reporting a vulnerability

If you discover a security vulnerability in TableWork, please report it to contact@sovyren.com. We will acknowledge your report within 24 hours and provide a status update within 5 business days.

We ask that you not disclose the vulnerability publicly until we have had a reasonable time to investigate and address it. We do not have a bug bounty program at launch. We do have a hall of fame acknowledgment for responsible disclosures.

Status

System status and incident history are published at status.tablework.io. Past incidents are published to /legal/security-incidents.