Security & Trust

Your business data, protected the way custom manufacturers expect

Slabr™ runs on tenant-isolated infrastructure with row-level security, encrypted storage, role and capability-based access, append-only audit logging on critical actions and POPIA/GDPR-aligned data handling.

See the controls Request DPA / security pack

1EncryptTLS 1.3 + AES-256

2IsolateRow-level security

3AuthoriseRoles + SSO + 2FA

4AuditAppend-only trail

Six pillars

Defence in depth, not one big wall.

Each layer covers a different failure mode. Together they keep your quotes, jobs, finance and client data inside your tenant.

Encryption at every layer

TLS 1.3 for traffic between browsers, the app and our database
AES-256 encryption at rest for customer data, via our managed database
Encrypted database backups with key rotation
Private storage buckets accessed via signed URLs

Tenant isolation

Row-level security enforced at the database
Queries scoped to your tenant — no cross-tenant data access
Separate storage namespaces per workspace
Tenant-id checks on application requests

Access control

Role and capability-based permissions per module and action
SSO via Google Workspace and Microsoft 365
Opt-in 2FA available to all users (role-required 2FA — planned)
Public API tokens — planned for advanced accounts

Audit & visibility

Append-only audit logging on critical security, job and finance actions
Who-changed-what surfaced for key events — coverage expanding
Login history and active-session view
Audit export available on request

Infrastructure

Hosted on enterprise cloud (Vercel + Supabase)
Region-pinned data residency available for qualifying workspaces
Automated database backups and point-in-time recovery via our managed database
Production secrets isolated from staging and dev

Compliance

GDPR-aligned data subject rights (export, delete) on request
POPIA-aligned (South African operations) and CCPA-aware (California)
Security and data-handling summary available on request
Sub-processor and data-processing documentation is being formalised

Shared responsibility

We secure the platform. You control your workspace.

Security in cloud SaaS is shared. Here's the line — and what each side owns.

What Slabr handles

Infrastructure

Encryption, network isolation, patch management, backups, uptime.

Application

Tenant isolation, RLS policies, role-based access, audit logging.

Compliance

Sub-processor management, breach notification, DSR tooling.

What you control

Users

Who has access, what role, when to revoke.

Data

What you input, who can export, retention preferences.

Integrations

Which third parties you connect to your workspace.

Incident response

If something goes wrong, this is what happens.

We don't pretend incidents never happen. We tell you what we do when they do.

Detect

Automated monitoring on application errors, failed auth, anomalous queries.

Triage

Severity assessed and affected tenants identified before any public disclosure.

Notify

We maintain internal incident-response procedures and communicate material security incidents to affected customers as quickly and responsibly as possible, with timing aligned to applicable law.

Remediate

Root cause fix, post-mortem published, controls updated.

Need our security and data-handling summary?

We'll send a security and data-handling summary, infrastructure overview and a snapshot of our control practices on request. Sub-processor and data-processing documentation is being formalised and will be shared as it lands.

Request the security summary Read the privacy policy

Need our security and data-handling summary?