Skip to content

Security & Compliance

Built so AI can actually touch your company data.

OpenBase is built as an AI workspace an IT team can sign off on — tenant separation on dedicated PostgreSQL schemas, mandatory SSO, audit log and EU hosting for teams that need it.

EU hosting FrankfurtGDPR-readyMandatory SSOTenant-isolated

Tenant separation on dedicated schemas

  • Every workspace gets its own PostgreSQL schemas (system, auth, app), derived from the tenant ID resolved from the session
  • Generated module code runs in isolated Cloudflare Worker sandboxes with the database search path scoped to the tenant schema
  • Conversations, files and knowledge sources are filtered by tenant at both application and schema level

EU hosting in Frankfurt

  • Digital Ocean Managed PostgreSQL and App Platform in Frankfurt, Germany (region fra)
  • Files in Cloudflare R2 (EU region selectable per bucket configuration)
  • Data Processing Agreement (DPA) available on request
  • Data export and workspace deletion on request within GDPR timelines

AI calls flow through controlled routes

  • LLM and embedding calls run exclusively through commercial API routes (OpenRouter), never through consumer endpoints
  • EU mode per workspace: routing restricted to providers with opt-out of training data (AWS Bedrock eu-central-1)
  • Default model is Anthropic Claude Sonnet — admins can restrict allowed models and providers per workspace
  • Data flow diagram and API route overview available on request

Authentication without password risk

  • SSO only: Google Workspace and Microsoft Entra ID
  • No password storage, no magic links, no credentials login
  • SAML 2.0 for Okta, OneLogin and similar IdPs on Enterprise request

Permissions & audit

  • Admin and member roles per workspace, plus owner and member permissions per conversation
  • Audit log for settings changes, connector connect and disconnect, role changes and admin actions
  • CSV export of the audit log from the admin area

Connectors with configurable scopes

  • OAuth integrations for Slack, Google Workspace (Gmail, Drive, Calendar, Docs, Sheets), HubSpot, Jira, Asana, Shopware, LinkedIn, Meta and Google Ads
  • Per-connector scope groups — write actions can be disabled per workspace, and a "Read only" preset does it in one click
  • OAuth tokens are stored per workspace and never passed into module or LLM context

Security reviews and DPA support

For regulated industries we provide data flow documentation, a security overview, a DPA template and bespoke security reviews on request.

Contact security team

Ready for AI
that works for the whole company?

Sign in with your company account. Workspace is ready in seconds — no setup, no credit card.

Start for free

Trial workspace — full product up to €15 of model usage. No credit card required.