/01Per-agency isolation, down to the database
Every record carries your agency identifier; isolation is enforced at the application level AND at the PostgreSQL level (forced Row-Level Security). Automated isolation tests verify on every release that no agency can read another one’s data.
/02Hosted in the European Union
Servers and backups in the EU, under European law. No transfer of your business data outside the EU.
/03Encryption
TLS everywhere, sensitive secrets (IBAN, integration tokens) encrypted at rest with a dedicated versioned key, encrypted backups, documented rotation.
/04Modern authentication
Per-device revocable sessions, TOTP two-factor available to everyone and enforceable by your agency, role-based locking and fine-grained per-member permissions.
/05Audit log
Sensitive actions are recorded in an append-only, database-enforced tamper-proof register. Any ROSTER support intervention on your account is traced and visible.
/06GDPR
Ready-to-sign DPA, public subprocessor list, full self-service data export, certified purge within 30 days after termination.