Security & Compliance

European, sovereign-ready, secure by design.

This audience buys on trust. Here is our posture — described as it is built, not as certifications we do not yet hold.

EU data residency

Hosted in the EU (Frankfurt) by default, mirroring the platform’s residency posture. A documented Swiss-sovereignty upgrade path is available for defence and institutional deployments.

Identity & access

Authentication via Supabase Auth with MFA (TOTP), role-based access control, and a granular grant resolver so each person sees exactly their share.

Device security

Per-device credentials with ACLs scoped to your tenant subtree, plus an mTLS option for enterprise and defence devices, with a CA per tenant.

Tenant isolation

Row-level security by tenant across the control plane, and per-tenant time-series buckets for telemetry. One tenant cannot read another’s data.
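What "row-level security by tenant" looks like at the database layer, as an added illustration rather than the platform's own schema: a Postgres/Supabase policy that derives the tenant from the caller's JWT and denies everything else. The table name, column names and the `tenant_id` JWT claim are assumptions; `auth.jwt()` is Supabase's helper for reading the current request's token claims.

```sql
-- Added example, not the product's schema. Assumes a per-tenant table
-- public.devices and a custom JWT claim "tenant_id" issued by the auth layer.
create table if not exists public.devices (
  id        uuid primary key default gen_random_uuid(),
  tenant_id uuid not null,
  name      text not null
);

-- Weak setting: RLS left off, so any role with a SELECT grant on the table
-- reads every tenant's rows. (Shown for contrast; do not leave it this way.)
-- alter table public.devices disable row level security;

-- Hardened: enable RLS and FORCE it so even the table owner is policy-bound.
alter table public.devices enable row level security;
alter table public.devices force row level security;

-- Resolve the caller's tenant from the JWT. A missing or empty claim yields
-- NULL, and NULL never equals a tenant_id, so such callers see no rows.
create or replace function public.current_tenant_id() returns uuid
language sql stable as $$
  select nullif(auth.jwt() ->> 'tenant_id', '')::uuid;
$$;

-- One policy for read and write: rows are visible and writable only when
-- they belong to the caller's tenant, and inserts/updates cannot move a row
-- into another tenant (WITH CHECK). With RLS on and no matching policy,
-- Postgres denies by default.
create policy devices_tenant_isolation on public.devices
  for all to authenticated
  using      (tenant_id = public.current_tenant_id())
  with check (tenant_id = public.current_tenant_id());
```

Policies bind to the `authenticated` role; Supabase's `service_role` key bypasses RLS entirely, so it must stay server-side and never ship in a client bundle.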

Encryption

Encrypted in transit (TLS, mTLS option) and at rest. Secrets live in a managed store — never in code or in the client bundle.

Backups & recovery

Point-in-time recovery on the database and managed time-series backups, with restore procedures exercised, not just enabled.

Privacy & legal

Built for GDPR and Swiss FADP: a sub-processor list, a DPA on request, and data-subject erasure across PII and the tenant bucket.

Engineering standards

ECSS-aligned engineering practices, an audit log of privileged actions, and a responsible-disclosure path.

Responsible disclosure

Found something? Email security@neoorbit.eu. We publish a security.txt and respond to good-faith reports.

/.well-known/security.txt

Scoping a sovereign deployment?