Security
Trust you can audit.
Auteri handles pay apps, lien waivers, and collections: documents with real money attached. So the trust posture is enforced in the database and the code, and stated here exactly as it is. No claim on this page goes further than what the system enforces.
01
Your workspace is isolated at the database
Every tenant table carries Postgres row-level security, forced so even the app's own role cannot skip it. A query without your workspace's context returns zero rows: isolation fails closed instead of leaking.
Postgres RLS, forced · fail-closed · non-bypass DB role
02
Every action lands in an append-only ledger
Everything an agent or a person does in your workspace is written to an audit ledger you can review in the product. A database trigger rejects any update or delete on it, so history cannot be rewritten. Not even by us.
DB trigger rejects UPDATE and DELETE · reviewable in-app
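As an added illustration of items 01 and 02, not Auteri's own schema or code: Postgres row-level security forced onto a tenant table with a predicate that fails closed, beside an audit ledger whose trigger rejects every UPDATE and DELETE. The table, column and setting names (pay_apps, audit_ledger, app.workspace_id) are assumptions.

```sql
-- Constructed example; table, column and setting names are assumptions.
CREATE TABLE pay_apps (
  id           bigserial PRIMARY KEY,
  workspace_id uuid   NOT NULL,
  amount_cents bigint NOT NULL
);

-- ENABLE turns RLS on; FORCE applies it to the table owner too, so the app's
-- own role cannot skip it. Superusers and BYPASSRLS roles still bypass RLS,
-- so the application must never connect as either.
ALTER TABLE pay_apps ENABLE ROW LEVEL SECURITY;
ALTER TABLE pay_apps FORCE ROW LEVEL SECURITY;

-- current_setting(..., true) is NULL when no workspace context was set, and
-- "workspace_id = NULL" is never true: a context-less query sees zero rows.
-- WITH CHECK applies the same predicate to writes, so nothing can be
-- inserted into or moved to another workspace.
CREATE POLICY tenant_isolation ON pay_apps FOR ALL
  USING      (workspace_id = current_setting('app.workspace_id', true)::uuid)
  WITH CHECK (workspace_id = current_setting('app.workspace_id', true)::uuid);

-- Append-only ledger: rows can be inserted and read, never rewritten.
CREATE TABLE audit_ledger (
  id           bigserial   PRIMARY KEY,
  workspace_id uuid        NOT NULL,
  actor        text        NOT NULL,
  action       text        NOT NULL,
  at           timestamptz NOT NULL DEFAULT now()
);

CREATE FUNCTION audit_ledger_reject_rewrite() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit_ledger is append-only; % is not permitted', TG_OP
    USING ERRCODE = 'insufficient_privilege';
END;
$$;

-- A statement-level trigger fires even when the statement matches no rows,
-- so the attempt itself is rejected.
CREATE TRIGGER audit_ledger_no_rewrite
  BEFORE UPDATE OR DELETE ON audit_ledger
  FOR EACH STATEMENT EXECUTE FUNCTION audit_ledger_reject_rewrite();

-- Walk-through. SET LOCAL scopes the context to this transaction, so a
-- pooled connection cannot carry one tenant's context into the next request.
BEGIN;
SET LOCAL app.workspace_id = '11111111-1111-4111-8111-111111111111';
INSERT INTO pay_apps (workspace_id, amount_cents)
  VALUES ('11111111-1111-4111-8111-111111111111', 250000);  -- passes WITH CHECK
COMMIT;
SELECT count(*) FROM pay_apps;  -- context gone with the transaction: 0 rows
DELETE FROM audit_ledger;       -- ERROR: audit_ledger is append-only
```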
03
Nothing binding goes out without a human
Sensitive and gated steps route to an approval queue, and the single code path that executes work refuses to run a gated task until a person has decided. Human-in-the-loop is an invariant here, not a policy document.
Approval gate wired into the only execution path
04
Lien-waiver templates are counsel-gated
A binding waiver will not render from a template an attorney has not approved; the renderer throws instead. Previews carry a diagonal DRAFT watermark on every page, and statutory forms are transcribed verbatim, never paraphrased.
Binding render refuses unapproved templates · drafts watermarked
05
Integration tokens are encrypted at rest
QuickBooks and Procore OAuth tokens are sealed with AES-256-GCM (authenticated encryption), with a fresh nonce on every write and a separate key per integration. A missing or malformed key fails loudly rather than degrading to weaker storage.
AES-256-GCM · per-integration keys · no silent fallback
06
Payments are handled by Stripe
Subscriptions run through Stripe-hosted checkout and the Stripe customer portal. Card numbers are entered on Stripe's pages and stay there: no card data touches Auteri's servers or database.
Stripe Checkout + portal · no card data stored
07
Onboarding is invite-only
There is no public self-signup. Workspaces are set up by our team and joined through single-use invite links that expire in seven days; we store only a hash of the invite token, never the token itself.
Single-use invites · 7-day expiry · token hashed at rest
08
SOC 2: on our roadmap
We have not attained SOC 2 and will not imply otherwise. The controls above are the groundwork; the attestation is planned. Ask where we are and we will show you the current state, not a badge.
In progress · honest by default
Want to poke at any of this? Bring your questions to the audit. We will walk you through the ledger, the approval queue, and the isolation model on real screens.
Book a free cash-risk audit