Projoint
Log in Start free
Security

Built on row-level security, not bolted-on access checks.

Your data isolation lives in Postgres, not in an API layer someone could forget to add. The database itself refuses to read across teams.

60+
RLS policies
๐Ÿ‡ช๐Ÿ‡บ
EU data residency
Never
AI training on you
Always
Export your data

How we keep your data yours.

โ—‡

Row-level security on every read

Postgres RLS policies live on every multi-tenant table. No cross-team data leak is possible at the query layer โ€” the database itself rejects reads outside your team scope. The API role runs as a non-superuser with NOBYPASSRLS, so the policies always apply. 


                      SET LOCAL app.current_user_id = ?;  -- on every request
โ—‰

Encryption end-to-end

Postgres + Redis at rest with AES-256. TLS 1.3 in transit. Object storage (files, voice notes) signed-URL-only โ€” no public buckets. BYOK API keys encrypted with libsodium per-team master key.

โ—

No AI training on your content

We don't fine-tune on user data, ever. Both BYOK (you pay the provider directly) and Managed AI (we use Anthropic with the no-training data policy + 30-day deletion) keep your content out of model training pipelines.

โ—ญ

Open data, open exit

Export everything โ€” tasks, comments, files, time entries โ€” as a JSON + binary archive any time. Available on every paid plan. No "premium export" gating, no proprietary lock-in formats.

โ—

Audit trail you can subpoena

Every comment edit, status change, role grant, file access โ€” written to an immutable audit log (Team+). Export to CSV / JSON on Enterprise. Includes impersonation sessions (when our staff opens your data with explicit permission for support).

Compliance โ€” honest roadmap.

We tell you what's live today, what we're working on, and what's further out. No "SOC 2 ready" marketing fog.

Today
  • GDPR compliant data handling
  • Right to access, rectify, delete
  • EU-region data residency (Hetzner FRA / NUE)
  • TLS 1.3 + AES-256 at rest
  • Per-row audit trail
In progress ยท 2026
  • SOC 2 Type I (target Q3 2026)
  • ISO 27001 controls baseline
  • Pen-test by external firm
  • Automated DR drills
Planned ยท post-v1
  • SOC 2 Type II
  • HIPAA BAA
  • On-prem / self-host (Enterprise+)
  • Customer-managed encryption keys
  • Multi-region failover

Your data is yours. Always portable. Always deletable.

One-click export (JSON + files) on every paid plan. Account deletion gives a 30-day undo window, then a permanent purge with cryptographic proof on request. No "premium" gating on either path.

  • โœ“
    Export anything

    Tasks, comments, files, time entries, audit log, chat, wiki โ€” all of it.

  • โœ“
    Right to be forgotten

    Account delete cascades to your personal team; team data you authored stays attributed to "Deleted user".

  • โœ“
    No training, ever

    We don't fine-tune on your content. Anthropic's no-training data policy applies for Managed AI users.

Found a vulnerability?

Email security@projoint.tech with a description and reproduction steps. We acknowledge within 24 hours, fix within 7 days for criticals. Hall-of-fame credit (with your permission) once a fix ships.

security@projoint.tech Talk to us about Enterprise โ†’

Ship the next thing faster.

Free for ten users. No card required. AI optional.

Start free Book a demo