Launch in

Loading…

Security

Tenant isolation by design, not by hope

BaseCrew is built for corporate companies — especially Indian SMEs & MSMEs — who handle sensitive internal and client work. Your organisation's data is never visible to another customer.

How we enforce isolation

Security is architectural - enforced at the database, API, storage, and test layers.

Database isolation

Every tenant record includes organizationId. Queries always filter by it - no exceptions.

Session-bound auth

Your session token includes your organization. The server rejects cross-tenant requests.

API enforcement

All routes resolve tenant from session, not from client-supplied IDs alone.

S3 path isolation

Screenshots and files stored under organization-specific paths in object storage.

Automated tests

Isolation test suite with duplicate names across two orgs - run on every deploy.

No UI-only security

We don't rely on hiding menu items in the browser as our security boundary.

Retention & deletion

Active subscription

Data retained while your subscription is active. Screenshots tiered to lower-cost storage over time per plan.

Deactivated account

90-day grace period with email warnings at 30 and 7 days before permanent deletion.

After deletion

Operational data and files permanently removed from our systems.

Full policy details are in our data isolation documentation. Questions? Get in touch via signup.

Ready to run your team on isolated infrastructure?

Start free