Multi-tenant native
Security and compliance, designed in
ALEXUS was built for organizations that operate at scale and need to prove it on demand — every tenant isolated, every action audited, every credential encrypted.
No bolt-on retrofits, no "check back next quarter" for SOC pre-reqs. The isolation primitives ship in every release.
Postgres Row-Level Security
Every tenant table enforces RLS. JWT tenant_id is extracted at the request edge — no leaks, no shared state.
Per-tenant Fernet encryption
Vendor credentials are wrapped in Fernet AES-128-CBC + HMAC-SHA256, with per-tenant keys sourced from settings or environment.
Tenant-scoped graph + cache
Redis key prefixing and Neo4j Lucene `_tenant_token` filtering keep one tenant's CIs, incidents, and signals invisible to every other tenant.
Full audit chain
Every CREATE/UPDATE/DELETE on audited entities is logged with actor, source, and timestamp. User activity events are queryable end-to-end.
NIS2 compliance reporting
Change records, incident outcomes, and the audit chain are wired together so NIS2 reports are a query, not a quarter-long project.
GDPR right-to-erasure
First-class workflow for data subject requests. Embeddings, audit entries, and graph nodes are all part of the cleanup, not just the rows in Postgres.