Supersei
Security & governance

Built like enterprise. Sold to SMB.

Multi-tenant by design, isolated at every layer, audited at every action — the things your security team will ask about, built in from day one.

Tenant model

Multi-tenancy & data isolation

  • Row-level isolation — every table carries org_id and every query runs inside a tenant context. No cross-tenant reads, ever.
  • JWT-bound org resolution — the org_id claim is the security boundary; subdomain is for routing only. Mismatched requests are rejected with 403.
  • Provider control plane — platform admins can provision, suspend and impersonate orgs with full audit trail (the imp claim flags every impersonated write).
  • Per-tenant branding — logo, fonts, theme and login methods configured per org. White-label ready.
Identity

Authentication & access control

  • Invitation-only onboarding with multiple sign-in methods per workspace.
  • Email OTP, Phone/SMS OTP (MSG91), WhatsApp OTP (approved template), password (bcrypt), Google OAuth, Zoho OAuth.
  • Stateless JWT (HS256) with access + refresh tokens; full login audit (IP, device, geo, client kind).
  • Role-based access control (RBAC): built-in roles + custom roles with granular scopes (e.g. leads:read, calls:edit).
  • Function-based sharing orthogonal to role — share a lead to a user directly, or to everyone in a function.
  • Field-level permissions — per-field read/write control, including per-user grants and function-level denials for PII.
Encryption & integrity

Data protection

  • Email / WhatsApp / OAuth credentials encrypted at rest, key sourced from AWS Secrets Manager in production.
  • Inbound webhooks HMAC-signed (SHA-256). Outbound deliveries signed and retried with backoff.
  • Per-org, sliding-window rate limiting (Redis-backed) to mitigate abuse.
  • API-key scopes — public ilcrm_ keys carry granular scopes, expiry and revocation.
Conversation intelligence

AI governance

  • All call recordings flow through Cloudflare R2 (S3-compatible) with per-tenant buckets.
  • Deepgram for transcription; Anthropic Claude for analysis. Draft-and-confirm flows keep the rep in the loop.
  • AI usage ledger meters every model call (input/output/cache tokens, cost) — auditable per org.
  • Multiple models by workload (Claude Sonnet for fast tasks, Opus for deep analysis, Haiku for light tasks) with prompt caching for cost control.
Compliance

GDPR, audit & data residency

  • Soft-delete with retention window before hard deletion. One-click per-org data export (JSON to R2 with a short-lived URL). Audited erasure requests.
  • Admin activity log records logins, role changes, workflow edits, settings changes, and lead changes (actor, action, resource, timestamp).
  • Impersonation accountability — the imp JWT claim flags every write performed under support impersonation.
  • Cost governance — AI usage ledger meters every model call for transparency and future per-org caps.
Platform

Infrastructure & reliability

  • Containerised — Docker images deployed on AWS ECS.
  • Horizontally scalable API tier — stateless JWT auth means the API scales out freely.
  • Single leader-elected instance runs background consumers (via Postgres/Redis lock with retry), preventing duplicate side effects.
  • Durable async work — Arq on Redis handles transcription submission, import batches and bulk actions off the request path.
  • Resilient delivery — webhook dispatch retries with backoff and deduplication; full delivery history retained.
Buyer checklist

What enterprise evaluators ask — and our answers.

Multi-tenant isolation?
Row-level org_id scoping, JWT-bound, subdomain-mismatch rejection.
SSO / auth options?
Google + Zoho OAuth, email/SMS/WhatsApp OTP, password; invitation-only.
RBAC + field-level security?
Roles + scopes, function sharing, per-field read/write control.
API + webhooks?
Public REST API (scoped keys) + signed inbound/outbound webhooks.
Data export / GDPR?
One-click export, soft-delete retention, audited erasure.
Audit logging?
Actions, actor, resource, timestamp; impersonation flagged.
Where is data stored?
PostgreSQL + R2 (S3-compatible); credentials encrypted via Secrets Manager.
Scalability?
Stateless API scales horizontally; leader-elected background workers.
Ready when you are

See it work on your pipeline. In 20 minutes.

A live walkthrough of the engine on real data, narrated as a lead's journey from ad-click to closed deal.

Book a demoTalk to sales