Enterprise security isn't a feature. It's the foundation.
Axiom Refract was built for environments where code is the most sensitive asset in the building.
Authentication & Access Control
Three authentication mechanisms: JWTs, API keys (stored only as SHA-256 hashes, never in plaintext), and OAuth/SSO integration with Azure AD, Okta, Auth0, Google, GitHub, and Facebook. Role-based access control with 8 granular permissions across 4 role tiers; every action is gated by a require_permission() dependency, so no handler runs without an explicit permission check.
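The following is an added illustration of the API-key and RBAC pattern described above; it is example code written for this page, not Axiom Refract's own implementation. The permission names, role names, the "ar_" key prefix and the use of a decorator in place of a framework dependency are all assumptions.

```python
"""Added example, not Axiom Refract's code: API keys stored only as SHA-256
hashes, plus a require_permission() gate over a role-to-permission map.
The permission names, role names and "ar_" key prefix are assumptions."""
import hashlib
import secrets
from functools import wraps

# Eight permissions across four role tiers, as the page describes; the names
# themselves are made up for this example.
PERMISSIONS = frozenset({
    "analysis:run", "analysis:read", "report:read", "report:export",
    "config:read", "config:write", "users:manage", "audit:read",
})
ROLE_PERMISSIONS = {
    "viewer":  {"analysis:read", "report:read"},
    "analyst": {"analysis:run", "analysis:read", "report:read", "report:export"},
    "admin":   PERMISSIONS - {"users:manage"},
    "owner":   set(PERMISSIONS),
}


class Unauthenticated(Exception):
    pass


class PermissionDenied(Exception):
    pass


def hash_api_key(key: str) -> str:
    # Unsalted SHA-256 is acceptable only because the key is a 256-bit CSPRNG
    # value: it cannot be guessed or dictionary-attacked like a password, so a
    # slow KDF (argon2/bcrypt) would add cost without adding security.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def issue_api_key(store: dict, tenant_id: str, role: str) -> str:
    """Create a key for a tenant principal; persist only its hash and hand the
    plaintext back exactly once. `store` stands in for the database table."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    key = "ar_" + secrets.token_urlsafe(32)   # 256 bits of entropy
    store[hash_api_key(key)] = {"tenant_id": tenant_id, "role": role}
    return key


def authenticate(store: dict, presented_key: str) -> dict:
    """Resolve a presented key to its principal. Lookup is by hash, so a leaked
    copy of the table contains nothing an attacker could replay."""
    principal = store.get(hash_api_key(presented_key))
    if principal is None:
        raise Unauthenticated("unknown API key")
    return principal


def require_permission(permission: str):
    """Decorator standing in for a request-scoped dependency: the handler runs
    only if the authenticated principal's role grants `permission`."""
    if permission not in PERMISSIONS:
        raise ValueError(f"unknown permission {permission!r}")  # fail at import, not per request

    def decorator(handler):
        @wraps(handler)
        def guarded(principal: dict, *args, **kwargs):
            granted = ROLE_PERMISSIONS.get(principal.get("role"), set())
            if permission not in granted:
                raise PermissionDenied(f"role {principal.get('role')!r} lacks {permission}")
            return handler(principal, *args, **kwargs)
        return guarded
    return decorator


@require_permission("config:write")
def update_retention(principal: dict, days: int) -> dict:
    """Example gated handler; the tenant comes from the principal, never from the request."""
    return {"tenant_id": principal["tenant_id"], "retention_days": days}
```

The point to notice is that the handler never sees a request that has not passed the permission check, and the key table holds only digests: a database dump yields nothing usable for authentication.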
Tenant Isolation
Multi-tenant architecture with UUID tenant identifiers and PostgreSQL row-level security policies, so tenant scoping is enforced by the database on every query rather than only in application code. Your data never touches another tenant's scope.
Audit Trail
Append-only (INSERT-only) audit log. Every action, including authentication events, analysis runs, report access, and configuration changes, is recorded with timestamp, actor, and context. Entries are never updated or deleted; a revocation is itself a new entry that references the one it supersedes, so the original record stays intact.
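As an added example of the append-and-revoke pattern (written for this page, not taken from Axiom Refract), the block below builds an audit table whose UPDATE and DELETE prohibition is enforced by the database itself rather than by application convention. SQLite is used so it runs offline; the column layout is an assumption, and the comments note the PostgreSQL equivalents.

```python
"""Added example, not Axiom Refract's code: an append-only audit log whose
UPDATE/DELETE prohibition is enforced by the database, with revocation done
by appending. SQLite keeps it runnable offline; the columns are assumptions."""
import json
import sqlite3
from datetime import datetime, timezone
from typing import Optional

SCHEMA = """
CREATE TABLE audit_log (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    ts         TEXT    NOT NULL,
    tenant_id  TEXT    NOT NULL,
    actor      TEXT    NOT NULL,
    action     TEXT    NOT NULL,
    context    TEXT    NOT NULL,                    -- JSON object
    revokes_id INTEGER REFERENCES audit_log(id)     -- set only on revocation rows
);
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""
# In PostgreSQL the same intent is enforced twice over: GRANT only INSERT and
# SELECT on the table to the application role, and add equivalent BEFORE
# UPDATE / BEFORE DELETE triggers so even a privileged connection cannot
# silently rewrite history.


def open_audit_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record(conn, tenant_id: str, actor: str, action: str, context: dict,
           revokes_id: Optional[int] = None) -> int:
    """Append one entry and return its id. Timestamps are assigned here, not
    taken from the client, so callers cannot backdate events."""
    ts = datetime.now(timezone.utc).isoformat(timespec="microseconds")
    cur = conn.execute(
        "INSERT INTO audit_log (ts, tenant_id, actor, action, context, revokes_id) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        (ts, tenant_id, actor, action, json.dumps(context, sort_keys=True), revokes_id),
    )
    conn.commit()
    return cur.lastrowid


def revoke(conn, entry_id: int, actor: str, reason: str) -> int:
    """Revocation never touches the original row; it appends a new entry
    pointing at the one being revoked."""
    row = conn.execute("SELECT tenant_id FROM audit_log WHERE id = ?", (entry_id,)).fetchone()
    if row is None:
        raise LookupError(f"no audit entry {entry_id}")
    return record(conn, row[0], actor, "audit.revoke", {"reason": reason}, revokes_id=entry_id)


def get_entry(conn, entry_id: int) -> dict:
    """Return an entry; its revoked flag is derived from later rows, not stored on it."""
    row = conn.execute(
        "SELECT id, ts, tenant_id, actor, action, context, revokes_id "
        "FROM audit_log WHERE id = ?", (entry_id,)).fetchone()
    if row is None:
        raise LookupError(f"no audit entry {entry_id}")
    revoked = conn.execute(
        "SELECT 1 FROM audit_log WHERE revokes_id = ? LIMIT 1", (entry_id,)).fetchone() is not None
    return {"id": row[0], "ts": row[1], "tenant_id": row[2], "actor": row[3],
            "action": row[4], "context": json.loads(row[5]), "revokes_id": row[6],
            "revoked": revoked}


def count_entries(conn) -> int:
    return conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]


def tamper_rejected(conn, entry_id: int) -> bool:
    """True only if the database refuses both an UPDATE and a DELETE of the entry."""
    for stmt in ("UPDATE audit_log SET actor = 'nobody' WHERE id = ?",
                 "DELETE FROM audit_log WHERE id = ?"):
        try:
            conn.execute(stmt, (entry_id,))
            conn.commit()
            return False          # the write went through: immutability is broken
        except sqlite3.DatabaseError:
            conn.rollback()
    return True
```

Because the revoked state is computed from the presence of a later row, a reviewer can always reconstruct both what was originally recorded and who revoked it and why.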
Data Handling
Your code is analyzed in an isolated environment. Analysis results are stored in an encrypted PostgreSQL database with tenant-scoped access.
We do not train models on customer code. Ever.
We do not share your data. We do not sell your data. Full data handling policy available at /legal/data-handling.
Rate Limiting & Abuse Prevention
Redis-backed sliding-window rate limiting with configurable tiers. Limits are enforced at the infrastructure level, before requests reach application logic, throttling brute-force login attempts, credential stuffing, and API abuse.
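The block below is an added example of the sliding-window algorithm, written for this page and not Axiom Refract's code. It is built on the handful of Redis sorted-set commands the algorithm needs (ZREMRANGEBYSCORE, ZCARD, ZRANGE, ZADD, EXPIRE); the FakeRedis class is an offline stand-in shaped after redis-py's method names, and the tier names and limits are assumptions.

```python
"""Added example, not Axiom Refract's code: a sliding-window rate limiter
over Redis sorted-set commands. FakeRedis is an in-memory stand-in shaped
after redis-py's method names; tier names and limits are assumptions."""
import bisect
import secrets
from dataclasses import dataclass
from typing import Callable


class FakeRedis:
    """Minimal in-memory ZSET so the limiter runs without a server."""
    def __init__(self):
        self._z: dict[str, list[tuple[float, str]]] = {}
        self.ttl: dict[str, int] = {}

    def zadd(self, name, mapping):
        lst = self._z.setdefault(name, [])
        for member, score in mapping.items():
            bisect.insort(lst, (float(score), member))
        return len(mapping)

    def zremrangebyscore(self, name, lo, hi):
        lst = self._z.get(name, [])
        kept = [e for e in lst if not (lo <= e[0] <= hi)]
        self._z[name] = kept
        return len(lst) - len(kept)

    def zcard(self, name):
        return len(self._z.get(name, []))

    def zrange(self, name, start, end, withscores=False):
        stop = None if end == -1 else end + 1
        sl = self._z.get(name, [])[start:stop]
        return [(m, s) for s, m in sl] if withscores else [m for _, m in sl]

    def expire(self, name, seconds):
        self.ttl[name] = seconds
        return True


@dataclass(frozen=True)
class Tier:
    limit: int        # requests allowed ...
    window_s: float   # ... per rolling window of this many seconds


# Assumed tiers. Keying the login tier by target account (not only by source
# IP) is what makes it bite on credential stuffing spread across many IPs.
TIERS = {
    "free":  Tier(limit=60,  window_s=60.0),
    "team":  Tier(limit=600, window_s=60.0),
    "login": Tier(limit=5,   window_s=300.0),
}


class SlidingWindowLimiter:
    def __init__(self, redis, clock: Callable[[], float]):
        self.r = redis
        self.clock = clock   # injected so tests can advance time deterministically

    def allow(self, subject: str, tier_name: str) -> tuple[bool, float]:
        """Return (allowed, retry_after_seconds) for one request by `subject`.
        Against a real server these commands belong in one MULTI/EXEC or Lua
        script so concurrent requests cannot both slip under the limit."""
        tier = TIERS[tier_name]
        now = self.clock()
        key = f"ratelimit:{tier_name}:{subject}"
        # 1. evict timestamps that have fallen out of the window
        self.r.zremrangebyscore(key, float("-inf"), now - tier.window_s)
        # 2. count what is left
        if self.r.zcard(key) >= tier.limit:
            oldest_ts = self.r.zrange(key, 0, 0, withscores=True)[0][1]
            return False, oldest_ts + tier.window_s - now
        # 3. record this request under a unique member; the score is its time
        self.r.zadd(key, {f"{now!r}:{secrets.token_hex(4)}": now})
        # 4. let idle keys expire so Redis does not accumulate dead subjects
        self.r.expire(key, int(tier.window_s) + 1)
        return True, 0.0
```

Unlike a fixed window, a caller who exhausts the login tier at the end of one period does not get a fresh allowance a second later; the oldest attempt has to age out first, which is why the returned retry-after value is derived from that oldest timestamp.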
Compliance Frameworks
Axiom Refract doesn't just analyze your compliance; it's built to meet enterprise security standards itself. The platform's security architecture is designed with SOC 2 and NIST controls in mind, including access control, audit logging, encryption, and tenant isolation.
Zero-Telemetry Option
For organizations with strict data sovereignty requirements, Axiom Refract can be configured for zero external telemetry. No usage data, no analytics, no phone-home. Your instance, your data, your control.
To report a security vulnerability or concern, contact security [at] axiomrefract.com.