Skip to content

Security & Compliance

Built so AI can actually touch your company data.

OpenBase is built as an AI workspace an IT team can sign off on — tenant separation on dedicated PostgreSQL schemas, mandatory SSO, audit log and EU hosting for teams that need it.

Hosting w UE FrankfurtZgodność z RODOObowiązkowe SSOIzolacja tenantów

Tenant separation on dedicated schemas

  • Every workspace gets its own PostgreSQL schemas (system, auth, app), derived from the tenant ID resolved from the session
  • Generated module code runs in isolated Cloudflare Worker sandboxes with the database search path scoped to the tenant schema
  • Conversations, files and knowledge sources are filtered by tenant at both application and schema level

EU hosting in Frankfurt

  • Digital Ocean Managed PostgreSQL and App Platform in Frankfurt, Germany (region fra)
  • Files in Cloudflare R2 (EU region selectable per bucket configuration)
  • Data Processing Agreement (DPA) available on request
  • Data export and workspace deletion on request within GDPR timelines

AI calls flow through controlled routes

  • LLM and embedding calls run exclusively through commercial API routes (OpenRouter), never through consumer endpoints
  • EU mode per workspace: routing restricted to providers with opt-out of training data (AWS Bedrock eu-central-1)
  • Default model is Anthropic Claude Sonnet — admins can restrict allowed models and providers per workspace
  • Data flow diagram and API route overview available on request

Authentication without password risk

  • SSO only: Google Workspace and Microsoft Entra ID
  • No password storage, no magic links, no credentials login
  • SAML 2.0 for Okta, OneLogin and similar IdPs on Enterprise request

Permissions & audit

  • Admin and member roles per workspace, plus owner and member permissions per conversation
  • Audit log for settings changes, connector connect and disconnect, role changes and admin actions
  • CSV export of the audit log from the admin area

Connectors with configurable scopes

  • OAuth integrations for Slack, Google Workspace (Gmail, Drive, Calendar, Docs, Sheets), HubSpot, Jira, Asana, Shopware, LinkedIn, Meta and Google Ads
  • Per-connector scope groups — write actions can be disabled per workspace, and a "Read only" preset does it in one click
  • OAuth tokens are stored per workspace and never passed into module or LLM context

Security reviews and DPA support

For regulated industries we provide data flow documentation, a security overview, a DPA template and bespoke security reviews on request.

Contact security team

Gotowi na AI,
które działa dla całej firmy?

Zalogujcie się kontem firmowym. Workspace jest gotowy w kilka sekund — bez konfiguracji, bez karty kredytowej.

Workspace testowy — pełny produkt do 15 € zużycia modeli. Karta kredytowa nie jest wymagana.