Per-tenant database roles
Each organisation runs under its own PostgreSQL login role, scoped to its own schema. Cross-tenant access is rejected by PostgreSQL itself — not by application code.
Security shouldn't depend on application code being perfect. KREO isolates every tenant at the PostgreSQL privilege level, so a bug in a query can never reach another customer's data.
Multiple independent layers, each enforced by the platform.
Each organisation runs under its own PostgreSQL login role, scoped to its own schema. Cross-tenant access is rejected by PostgreSQL itself — not by application code.
Integration secrets and credentials are sealed at rest with authenticated encryption, using rotatable keys.
WebAuthn passkeys and TOTP multi-factor authentication protect every account, with bcrypt password hashing as the baseline.
Keys are stored only as SHA-256 hashes, can be expired, and can be locked to specific CIDR ranges.
Restrict API access to trusted networks so a leaked key is useless from anywhere else.
Logins, key rotations and privileged actions are recorded with IP address and user agent.
Independent per-IP and per-account rate limits with constant-time password verification.
Stateless, signed JWT sessions delivered over HTTP-only, Secure, SameSite cookies.
If you believe you've found a security vulnerability in KREO, we want to hear from you. Email security@kreo.work with details and steps to reproduce. We investigate every report and will keep you updated on remediation.
KREO's infrastructure is hosted in the European Union. Where data is transferred internationally, we use appropriate safeguards. See our Privacy Policy.
Multi-tenant isolation, encryption and MFA — included on every plan.