Privacy-First: Not a Feature, an Architecture

We measure the shape and ratio of metadata actions — never the semantic content. Multi-layered isolation ensures your organisational data stays yours, architecturally, not just contractually.

Design Principles

Privacy by Architecture

Data isolation built into the data access layer, backed by database-level policies and partitioned across regions. Breaching one layer doesn't compromise the system.

Complete Transparency

Every data access logged. Every configuration change tracked. Full audit trail accessible to account administrators.

Metadata Only, Never Content

We never read emails, chats or documents. We measure behavioural topography — ratios of actions, interaction shapes, network structures. Individual signals are converted into anonymised Workstyle Avatars, not individual profiles.

Compliance by Design

GDPR Article 44+ data residency built into infrastructure. SOC 2 controls designed before code. Implementing certification, not retrofitting.

Three-Layer Isolation Model

Defence-in-depth through application, database and infrastructure layers. Each independently enforces tenant isolation.

L1

Application Layer: Data Access Layer

Every query flows through a single DAL that injects tenant scoping from the authenticated JWT. No direct database access. No unscoped queries.

✓ Operational
L2

Database Layer: Row-Level Security

PostgreSQL RLS policies enforce tenant isolation at the engine level. Even if application logic fails, the database rejects cross-tenant queries.

→ Coming soon
L3

Infrastructure Layer: Regional Partitioning

Multi-region database routing. European data stays in EU-West, US data in US-East. Physical isolation meets GDPR jurisdictional requirements.

→ Coming soon

What's Protecting Your Data Today

JWT-Based Auth

HS256 tokens with embedded account ID. Validated on every request.

Complete Audit Log

Every action logged with timestamp, IP, resource and change metadata.

Cloud-Native Storage

Cloudflare R2 with account-scoped prefixes. Physical path isolation.

Some tools analyse email sentiment or scan chat content — that's organisational spyware, not analytics. TensoryX takes the opposite approach: metadata patterns only, converted into anonymised business archetypes.

  • No content analysis — we measure behavioural topography, not what people write
  • Workstyle Avatars — behavioural signals become anonymised group-level archetypes, not individual dossiers
  • • Every query is scoped at the DAL, validated at the database, partitioned at infrastructure
  • • Every data access is logged and available for audit

Security as Foundation

Technical integrity over marketing promises.