Security
Multi-tenant by design.
When you let a vendor run integrations against your CRM, finance system, and database, isolation is the whole product. Here is how Weldforge is built so one tenant can never see another’s data.
Data isolation
Every row carries a tenant ID, enforced by PostgreSQL Row-Level Security. The application connects as a role that cannot bypass RLS, so even an application bug cannot leak data across tenants. Canary tests run in CI on every build: insert as tenant A, assert invisible to tenant B.
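A sketch of the pattern described above, added here as an example and not taken from Weldforge's own code. The table `invoices`, the role `app_rw`, and passing the tenant through a session setting named `app.tenant_id` are assumptions; the UUIDs are constructed.

```sql
-- Added illustration. invoices, app_rw and app.tenant_id are assumed names.
-- Run as a superuser in a scratch database; the canary rolls itself back.
CREATE ROLE app_rw LOGIN NOSUPERUSER NOBYPASSRLS;

CREATE TABLE invoices (
    id        bigserial PRIMARY KEY,
    tenant_id uuid    NOT NULL,
    amount    numeric NOT NULL
);
GRANT SELECT, INSERT ON invoices TO app_rw;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_rw;

ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;  -- the table owner is filtered too

-- current_setting() raises an error when app.tenant_id is unset, so a
-- connection that never declared its tenant fails closed.
CREATE POLICY tenant_isolation ON invoices
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Canary: insert as tenant A, assert invisible to tenant B.
BEGIN;
SET LOCAL ROLE app_rw;
SET LOCAL app.tenant_id = 'aaaaaaaa-0000-4000-8000-000000000001';  -- constructed
INSERT INTO invoices (tenant_id, amount)
VALUES ('aaaaaaaa-0000-4000-8000-000000000001', 100);

SET LOCAL app.tenant_id = 'bbbbbbbb-0000-4000-8000-000000000002';  -- constructed
DO $$
BEGIN
    -- The isolation claim only holds if this role cannot skip policies.
    IF EXISTS (SELECT 1 FROM pg_roles
               WHERE rolname = current_user AND (rolsuper OR rolbypassrls)) THEN
        RAISE EXCEPTION 'canary failed: % can bypass RLS', current_user;
    END IF;
    -- Tenant B must see none of tenant A's rows.
    IF EXISTS (SELECT 1 FROM invoices) THEN
        RAISE EXCEPTION 'canary failed: tenant B can read tenant A rows';
    END IF;
END $$;
ROLLBACK;
```

In a vendor review, the two things to ask for are the output of the role check (no `rolsuper`, no `rolbypassrls` on the application role) and evidence that `FORCE ROW LEVEL SECURITY` is set on every tenant table.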
Secrets isolation
Each tenant’s credentials are encrypted with a dedicated data encryption key, itself envelope-encrypted under a KMS customer master key. One tenant’s secrets are never protected by the same key as another’s.
Runtime isolation
Integrations execute in ephemeral microVMs (Firecracker / Fargate) with per-tenant IAM and an egress allowlist derived from the spec. There are no standing, shared tenant containers.
Observability isolation
Logs, metrics, and traces are tenant-tagged and segregated through a query-rewrite proxy. Monitoring never mixes one tenant’s telemetry with another’s.
Staff access
Staff cannot read tenant data casually. Access is break-glass, masked by default through a proxy, and recorded in a dual audit log. Owners must use MFA; staff cannot impersonate without break-glass.
Encryption everywhere
TLS in transit and encryption at rest across the platform, with least-privilege access to every secret and system.
You own your spec and data
No lock-in. The plain-English spec that defines your integration is yours, human-readable, and exportable — along with your data — whenever you want it. We run it for you; we never hold it hostage.
Compliance posture
- SOC 2 Type I: Targeted month 6, with Vanta-style continuous monitoring from day one.
- SOC 2 Type II: Targeted months 12–15, after a 6-month observation window.
- HIPAA-ready: Foundry tier; BAA with customer and subprocessors handling PHI.
- GDPR: EU data residency available; DPA on request.
Security questions or a vendor review? security@weldforge.ai