EU-native, tenant-isolated, audit-logged.
Security is not a checkbox you reach on day 200 — it is the schema you ship on day one. EU-hosted, row-level data isolation, and an audit log on every tier including Free.
Last updated · 19 May 2026
Seven pillars
How the platform is wired for safety
Every pillar is a default — turned on for Free and Pay-as-you-go alike. Nothing here is a paid upsell.
EU-hosted with automatic failover
All production compute, storage and queues run inside the EU border, with automatic failover between regions. The only AWS service we touch is a managed AI model in the EU region, used as a fallback — and even then the payload is pseudonymized before it leaves our network.
Postgres RLS per row, ClickHouse prefix per tenant
Every Postgres table carries a row-level security policy keyed on tenant_id, and every ClickHouse table is prefixed per tenant. There is no shared cache and no cross-tenant query path. A bug in application code cannot read across tenants, because the policy is enforced by the database itself: a query that forgets its WHERE clause still returns only the current tenant's rows.
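The policy described above, as an added example in Postgres SQL. This is not the platform's own schema; the table, role and setting names (events, app_rw, app.tenant_id) and the tenant UUIDs are assumed for illustration. Beyond the paragraph, it shows the two things RLS depends on in practice: the connecting role must not be able to bypass policies, and the table must not exempt its owner. The two queries at the end are the post-deploy checks for exactly those conditions.

```sql
-- Added example, not the platform's schema. Names and UUIDs are assumptions.
-- Run as a non-superuser role: superusers never have RLS applied to them.

CREATE TABLE events (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid  NOT NULL,
    payload    jsonb NOT NULL
);

-- The application connects as an ordinary role. Policies are never applied
-- to superusers or to roles with BYPASSRLS, so the app role has neither.
CREATE ROLE app_rw LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON events TO app_rw;

-- ENABLE applies policies to everyone except the table owner;
-- FORCE applies them to the owner too, so owning the table is not an escape hatch.
ALTER TABLE events ENABLE ROW LEVEL SECURITY;
ALTER TABLE events FORCE ROW LEVEL SECURITY;

-- One policy for reads and writes: a row is visible, insertable or updatable
-- only when its tenant_id equals the tenant bound to the current session.
-- current_setting(name, true) yields NULL rather than an error when the
-- setting was never defined; NULL = x is not true, so an unscoped session
-- sees nothing. (An empty string fails the uuid cast, which also fails closed.)
CREATE POLICY tenant_isolation ON events
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Per request, the application pins the tenant for the transaction only.
-- SET LOCAL is undone at COMMIT/ROLLBACK, so a pooled connection cannot
-- carry one tenant's identity into the next request.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO events (tenant_id, payload)
VALUES ('11111111-1111-1111-1111-111111111111', '{"k": "a"}');
-- A cross-tenant insert is rejected by the WITH CHECK clause:
-- INSERT INTO events (tenant_id, payload)
-- VALUES ('22222222-2222-2222-2222-222222222222', '{}');   -- ERROR 42501
COMMIT;

BEGIN;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';
SELECT count(*) FROM events;   -- 0: no WHERE clause, yet tenant 1's row is invisible
COMMIT;

-- Post-deploy check 1: which roles could bypass every policy?
-- Only maintenance roles belong here, never the application's.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;

-- Post-deploy check 2: which RLS-enabled tables still exempt their owner?
SELECT relname FROM pg_class WHERE relrowsecurity AND NOT relforcerowsecurity;
```

Two design notes. The tenant is bound with SET LOCAL rather than SET so that a connection pooler cannot leak the binding between requests, and the policy covers both USING and WITH CHECK so that a write is scoped as tightly as a read; a USING-only policy would still let tenant 1 insert a row stamped with tenant 2's id.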
TLS 1.3 in transit, AES-256 at rest
Every endpoint terminates TLS 1.3 with modern cipher suites. Postgres and ClickHouse volumes are encrypted at the disk level. MinIO objects (session replays, sourcemaps, exports) are encrypted with per-tenant keys. Backups are encrypted before they leave the host.
Magic link + OAuth + RBAC + scoped API keys
Magic link is the primary auth path, so there is no password to phish or reuse; the mailbox becomes the account's root of trust. Google and GitHub OAuth are secondary. Inside the tenant, RBAC scopes Owner / Admin / Editor / Viewer. API keys are scoped per workspace and can be rotated or revoked instantly. SSO is included on Custom; SAML/SCIM are an opt-in add-on.
Mask or skip-capture on sensitive pages
Checkout, KYC, payment and healthcare pages, and any URL pattern you mark as sensitive, are captured in mask mode or skipped entirely. Input values never leave the browser, and PII fields are stripped at the ingest gate. Masking is the default; capturing more is an explicit opt-in.
Default-on for every tier, every action
Every admin action (registry edits, identity merges, policy changes, API key rotations, member invites) lands in an immutable audit log with actor, IP, user-agent and diff. The audit log is on for Free too. Retention is 7 years (a legal requirement) regardless of tier.
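An append-only audit table with the fields named above, as an added example in Postgres SQL. It is not the platform's own schema; the table, trigger, role and setting names and the sample row are assumed for illustration. What it adds to the paragraph is how "immutable" is made a property of the database rather than of application discipline: the application role is never granted UPDATE or DELETE, and a trigger refuses rewrites even from the table owner. The same tenant policy as on the data tables is applied, so one tenant's admins cannot read another tenant's log.

```sql
-- Added example, not the platform's schema. Names and sample values are assumptions.
-- Requires Postgres 11+ for EXECUTE FUNCTION; run as a non-superuser role.

CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    tenant_id   uuid        NOT NULL,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    actor_id    uuid        NOT NULL,
    action      text        NOT NULL,   -- e.g. 'api_key.rotate', 'member.invite'
    target      text        NOT NULL,   -- what was acted on
    ip          inet,
    user_agent  text,
    diff        jsonb       NOT NULL DEFAULT '{}'::jsonb   -- before/after of the change
);

-- The application may only append and read. Nothing grants UPDATE, DELETE or
-- TRUNCATE. (A separate role name keeps this example stand-alone; in practice
-- it would be the same role the data tables use.)
CREATE ROLE audit_app LOGIN NOBYPASSRLS;
REVOKE ALL ON audit_log FROM PUBLIC;
GRANT SELECT, INSERT ON audit_log TO audit_app;

-- Belt and braces: even the owner, or a migration run with wider rights,
-- cannot rewrite history. The trigger raises rather than silently skipping.
CREATE OR REPLACE FUNCTION audit_log_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % not allowed', TG_OP
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

-- Statement-level so it also covers TRUNCATE (which has no row-level form)
-- and fires even for a DELETE that would match zero rows.
CREATE TRIGGER audit_log_no_rewrite
    BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- Tenant isolation: the log is scoped by the same session setting as the data.
ALTER TABLE audit_log ENABLE ROW LEVEL SECURITY;
ALTER TABLE audit_log FORCE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON audit_log
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Recording an API key rotation (constructed sample values).
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO audit_log (tenant_id, actor_id, action, target, ip, user_agent, diff)
VALUES (
    '11111111-1111-1111-1111-111111111111',
    'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
    'api_key.rotate',
    'workspace:default/key:prod',
    '203.0.113.7',
    'Mozilla/5.0 (constructed user agent)',
    '{"key_id": {"before": "k_old", "after": "k_new"}}'
);
COMMIT;

-- Each of these now fails with insufficient_privilege, regardless of role:
-- DELETE FROM audit_log WHERE id = 1;
-- UPDATE audit_log SET diff = '{}' WHERE id = 1;
-- TRUNCATE audit_log;
```

The diff column is stored as jsonb rather than free text so that it can be queried (for example, every change that touched a given key id) without parsing, and the IP is stored as inet so that a CIDR lookup during an investigation is a native comparison rather than string matching.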
GDPR + KVKK + CCPA today, SOC 2 + ISO 27001 next
We are GDPR, KVKK and CCPA compliant by design — EU residency, full DSR support, sub-processor disclosure, breach notification within 72 hours. SOC 2 Type II is on the roadmap for the end of Phase 2; ISO 27001 follows at the end of Phase 3. A public trust center will track progress.
Responsible disclosure
If you believe you have found a security issue, please email us before publishing. Reach the security team at security@gurulu.io. We commit to a 90-day disclosure window, a same-day acknowledgment, and a public credit on the security page when the fix ships. We do not pursue researchers who follow this policy in good faith.