Servicio is a multi-tenant SaaS platform. Tenant isolation is not a middleware — it's the foundation. Every query filters on tenant_id. Every audit log entry captures actor + before/after. Every AI call is tagged with source and logged.
Every tenant-scoped table carries a tenant_id. A global Eloquent scope filters every query automatically. Route-bound models that carry a tenant_id are cross-tenant-checked in middleware before they hit your controller. Cross-tenant data bleed is not possible in the query layer — there are no code paths that bypass this.
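The pattern described above, as an added Laravel example that is not Servicio's own code: a global scope on tenant_id plus a middleware check on route-bound models. The class names, the App\Tenancy namespace, and resolving the tenant from the signed-in user's tenant_id are assumptions, and super_admin cross-tenant access is left out.

```php
<?php
// Added illustration; names and the tenant-resolution rule are assumptions.
namespace App\Tenancy;

use Closure;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Global scope: constrains every Eloquent query on the model to one tenant.
class TenantScope implements Scope
{
    public function apply(Builder $builder, Model $model): void
    {
        $tenantId = Auth::user()?->tenant_id;   // assumption: tenant comes from the signed-in user
        if ($tenantId === null) {
            $builder->whereRaw('1 = 0');         // fail closed: no tenant context, no rows
            return;
        }
        $builder->where($model->qualifyColumn('tenant_id'), $tenantId);
    }
}

// Trait for tenant-scoped models (not the auth User model, which the scope reads).
trait BelongsToTenant
{
    public static function bootBelongsToTenant(): void   // Eloquent calls boot<TraitName>()
    {
        static::addGlobalScope(new TenantScope());
    }
}

// Middleware: re-check every route-bound model before the controller runs.
class EnsureSameTenant
{
    public function handle(Request $request, Closure $next)
    {
        $tenantId = $request->user()?->tenant_id;
        foreach ($request->route()->parameters() as $bound) {
            if ($bound instanceof Model && array_key_exists('tenant_id', $bound->getAttributes())
                && ($tenantId === null || (string) $bound->tenant_id !== (string) $tenantId)) {
                abort(404);                      // same response as a missing record
            }
        }
        return $next($request);
    }
}
```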
Four roles — super_admin, owner, technician, client — enforced via middleware. Staff log in with email + password (or SSO on Enterprise). Clients authenticate via magic link (no passwords to steal): one-time tokens with a 30-minute window.
No card numbers ever touch our servers. All card data is tokenized at the Stripe Elements iframe and stored on Stripe's vault. Your tenants are the merchants of record via Stripe Connect Express — minimizing your compliance surface and ours.
All traffic is TLS 1.3. Database-level encryption at rest via AWS RDS KMS. Sensitive fields (API keys, OAuth tokens) additionally encrypted application-side. Per-tenant encryption keys available on Enterprise plans.
Settings changes, client record updates, template edits, commission plan modifications — all logged with actor, timestamp, and before/after diff. Owner-visible at /audit-log. Super-admins have a cross-tenant audit feed for compliance reviews.
Every invocation of the AI composer — dunning, summary, reply, translate — writes an ai_requests row with the system prompt, user prompt, output, token counts, duration, and source (ai vs fallback). You can see exactly what Claude was asked and what was returned.
Continuous WAL backups with 35-day point-in-time restore. Cross-region replica. Quarterly disaster-recovery drills with published RTO (1h) and RPO (5m). Your data survives an AWS region outage.
Your customer data is never used to train AI models. We do not sell or share tenant data with third parties. Subprocessors are published and audited. Full GDPR and CCPA data-export + deletion support.
Production runs active/active across three AWS regions (us-east-1, us-west-2, eu-west-1). Status page at status.servicio.app publishes SLI/SLO data in real time. Enterprise customers carry a 99.9% SLA with penalty credits.
Trust Services Criteria: security, availability, confidentiality. Audited annually by Prescient Assurance.
Data processing addendum available. EU-based tenants served from eu-west-1 region.
California Consumer Privacy Act — data-export and deletion self-serve in settings.
Card data never enters our systems. Merchant-of-record obligations live on Stripe Connect.
Not currently a covered entity. No protected health information processed.
Automated SMS messaging follows TCPA opt-in/opt-out. Inbound STOP automatically honored.
Every marketing email carries unsubscribe + physical address. Transactional messages appropriately labeled.
Ongoing audit. Tech app + client portal currently at WCAG 2.1 AA for all primary flows.
Enterprise customers and prospective enterprise customers can request our SOC 2 Type II report, current penetration-test summary, subprocessor list, and data-processing agreement from our security team.