How security and data isolation work in Ali-E

Security isn't a banner that says 'we care about your data' — it's concrete engineering. Here's how the platform is actually protected.

Row Level Security: protection in the database itself

Every table is locked down with access policies at the PostgreSQL level. That means the rule 'a company sees only its own data' is enforced in the database, not just in app code. Even a frontend bug won't expose other people's data.

Secrets never leave the server

Keys for AI, telephony and other services live in secure server functions and never reach the browser. Heavy and sensitive operations run on the server, not the client.

XSS protection

Any content that could contain malicious code (including AI output and rich text) is sanitized before display. That closes a whole class of attacks.

Tenant isolation

Each company is a separate 'tenant'. Tenant data is partitioned so it can't cross over. That's the core principle of multi-tenant SaaS, and we enforce it at the database level.

Careful errors and limits

We return generic error messages to the client (no technical details), and AI functions are rate-limited — protecting both your data and service stability.

We talk about this in detail on purpose: small-business security shouldn't be a black box. If you have data-protection questions — write to us and we'll answer substantively.