architecture

Built on boring primitives.

No exotic crypto. No custom auth flows. Boring, well-understood building blocks, applied carefully and tested by an internal security audit (15 findings, all 15 closed at launch — full summary available on request below).

/ 01
Tenant isolation
Multi-tenant via PostgreSQL Row-Level Security. Every table carries a tenantId column, and RLS policies keyed on it are enforced by the database itself, so cross-tenant access is rejected at the database layer rather than relying on application-level checks.
/ 02
Credentials
Connector secrets sealed with AES-256-GCM at rest. Keys held outside the application code path, not in environment variables. Rotation is operator-driven and audit-logged.
/ 03
Authentication
OIDC + PKCE for single sign-on. JWT with refresh-token replay detection. CSRF Double Submit Cookie pattern for mutations. Session fixation actively defended against.
/ 04
Transit & rest
TLS 1.3 everywhere, HSTS preload, Traefik with Let's Encrypt wildcard certificates. Only port 443 exposed externally. Backups encrypted independently, off-cluster.
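One way to build the Row-Level Security tenant isolation described under / 01, shown here as an added example rather than Ethersight's own schema. Everything specific is an assumption: the table and role names (assets, app_user), the snake_case column tenant_id standing in for the page's tenantId, the session setting app.tenant_id that carries the current request's tenant, and the constructed sample UUIDs.

```sql
-- Added example (not Ethersight's schema): PostgreSQL Row-Level Security
-- keyed on a per-row tenant column, enforced by the database itself.
-- Assumptions: column tenant_id (page says tenantId); the app connects as
-- the dedicated role app_user; each request's tenant is passed in the
-- session setting app.tenant_id.

-- 1. A non-superuser application role. Superusers and BYPASSRLS roles skip
--    RLS entirely, so the application must never connect as one.
CREATE ROLE app_user LOGIN NOBYPASSRLS;

CREATE TABLE assets (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    name       text NOT NULL
);

-- 2. Enable RLS and FORCE it so even the table owner is subject to policies.
ALTER TABLE assets ENABLE ROW LEVEL SECURITY;
ALTER TABLE assets FORCE ROW LEVEL SECURITY;

-- 3. One policy for every command. USING filters what is visible,
--    WITH CHECK filters what may be written. NULLIF + missing_ok=true turn
--    an unset/empty setting into NULL, which compares false, so a request
--    that forgot to set its tenant sees and writes nothing (fail closed).
CREATE POLICY tenant_isolation ON assets
    FOR ALL
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON assets TO app_user;
GRANT USAGE, SELECT ON SEQUENCE assets_id_seq TO app_user;

-- 4. Per-request usage (as app_user). SET LOCAL scopes the tenant to this
--    transaction, so a pooled connection cannot carry a previous request's
--    tenant into the next one.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed
INSERT INTO assets (tenant_id, name)
    VALUES ('11111111-1111-1111-1111-111111111111', 'core-switch-01');
SELECT id, name FROM assets;          -- returns only tenant 1111... rows
COMMIT;

-- 5. Cross-tenant checks a reviewer would run (as app_user).
BEGIN;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';  -- constructed
SELECT count(*) FROM assets;          -- 0: tenant 1111...'s row is invisible
-- Writing a row that belongs to another tenant is rejected by WITH CHECK:
INSERT INTO assets (tenant_id, name)
    VALUES ('11111111-1111-1111-1111-111111111111', 'smuggled');
-- ERROR:  new row violates row-level security policy for table "assets"
ROLLBACK;

-- 6. Confirm the app role cannot bypass RLS (both columns should be false).
SELECT rolname, rolsuper, rolbypassrls FROM pg_roles WHERE rolname = 'app_user';
```

The design choice worth noting is fail-closed: because the policy compares against a possibly NULL setting, a code path that forgets to set app.tenant_id returns zero rows rather than every tenant's rows. The check in step 6 is the one to repeat after any role change, since a single role with rolsuper or rolbypassrls set to true silently removes the isolation.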
data residency

Where your asset graph actually lives.

Default tenancy is the United Kingdom — UK cluster with PostgreSQL HA (Patroni), Redis Sentinel, OpenSearch. EU and US dedicated tenancy on the roadmap for Enterprise customers. Not vapour — scoped and prioritised.

Region          | Offering                    | Tiers      | Status
United Kingdom  | UK tenancy · PostgreSQL HA  | all tiers  | live
European Union  | EU tenancy · planned        | enterprise | planned
United States   | US tenancy · planned        | enterprise | planned
compliance posture

What's earned, what's coming, and when.

Compliant means we have evidence we can produce on request. Aligned means we operate to the standard but haven't been audited against it yet. Planned means it's on a roadmap with a target window — no more, no less.

Standard                                                | Status         | Notes
UK GDPR (Data Protection Act 2018)                      | aligned        | Lawful basis · DPIA · DPA available on request
EU GDPR (Regulation 2016/679)                           | aligned        | EU SCCs available · EU tenancy planned for enterprise
Multi-tenant isolation (PostgreSQL row-level security)  | aligned        | Tenant isolation enforced at the database layer
Internal security audit (15 findings)                   | all 15 closed  | Summary downloadable · all findings closed at launch
Cyber Essentials (UK NCSC baseline)                     | in scoping     |
ISO/IEC 27001 (information security management)         | in scoping     | Gap analysis under way
SOC 2 Type II (AICPA Trust Services Criteria)           | planned        | Following ISO 27001
Penetration test (third-party)                          | aligned        | Planned · annual cadence thereafter
sub-processors · published & dated

Who else touches your data.

Material changes to this list are notified 30 days in advance. Customers can object via written notice and we'll either grandfather or terminate, no fight.

Processor                 | Purpose                                                | Region          | Transfer
Stripe Payments UK, Ltd.  | Subscription billing & payment processing              | United Kingdom  | UK GDPR
Postmark (Wildbit, LLC)   | Transactional email (notifications, invoices)          | United States   | SCCs
GitHub, Inc.              | Source control, CI/CD, container registry              | United States   | SCCs
Cloudflare, Inc.          | DNS, DDoS mitigation, edge caching for marketing site  | Global          | SCCs

No customer asset data passes through analytics, email or DNS providers. Data plane stays on the primary infrastructure provider only.

vulnerability disclosure

Found something? We want to know.

Email security@ethersight.app with reproducer steps and we'll get back to you. We don't run a public bounty programme yet, but in-scope reports earn a public credit and (where appropriate) a meaningful thank-you. We won't go after good-faith researchers.

PGP key available on request from security@ethersight.app.

We don't bluff badges. You don't have to bluff approvals.

If your security or procurement team needs something we haven't published, ask. We'd rather hand it over than make you fight for it.