Security & data isolation

One tenant per instance. Never shared.

We don't run a shared database with a "tenant column." Every customer gets a genuinely separate instance — separate process, separate database, separate credentials.

🧱

Isolated instance

Your platform runs in its own container with its own memory, secrets, and subdomain. A neighbor's load or bug can't reach you.

🗄️

Dedicated database

Your data lives in its own database with its own login. No cross-tenant queries are even possible.

🔐

Encrypted secrets

Connector credentials (e.g. your clients' Microsoft 365 apps) are encrypted at rest with a per-instance key.

🪪

SSO & role-based access

Microsoft 365 SSO for staff and contacts, granular roles, and full audit logging of privileged actions.

🧬

Malware-scanned uploads

Inbound email and ticket attachments are scanned before they're ever served; risky files are quarantined fail-safe.

📜

Licensed & verified

Each instance is cryptographically licensed and verified, so only authorized deployments run.

The AI question

How is AI handled?

AI features route through a MIDTC-operated gateway rather than embedding model credentials in your instance. That keeps model access controlled and usage metered transparently — and means your ticket content is sent to the AI provider only when an AI action runs, never mined in the background.

Your data, your exit

Portability & offboarding

Because your data sits in a dedicated database, a full export is straightforward on request. If you ever leave, we snapshot and hand over your data, then permanently destroy the instance and its database.

Get started →