Isolation and least privilege, built into the foundation.
Compass separates every business at the database level, scopes credentials tightly, and keeps audit records of what happened. Security is an architectural property here, not a feature bolted on later.
How Compass protects tenant data
These controls apply across the platform, from the database layer up to the session in your browser.
Tenant isolation
Every business runs as an isolated tenant. Data access is scoped to the tenant at the infrastructure layer, not just filtered in application code.
Database isolation
Each tenant has its own database, so one customer’s data is physically separated from another’s rather than sharing tables.
Scoped API keys
API keys are scoped to a tenant and to specific capabilities, limiting what any single credential can reach.
Sealed provider credentials
Third-party provider credentials are sealed and stored so they are protected at rest and used only when needed.
Server-side sessions
User sessions are managed server-side, reducing exposure compared to trusting long-lived tokens in the browser.
Password hashing
Passwords are stored using strong one-way hashing — never in plain text.
Audit records and deliberate data routing.
Compass keeps audit records of significant actions so there is a trail of what changed and who changed it. Data routing is deliberate — traffic and storage are directed with tenant boundaries in mind rather than left to chance.
- Audit records for significant actions
- Deliberate, tenant-aware data routing
- Least-privilege access to tenant resources
- Sealed credentials for third-party providers
Running on Cloudflare’s global network.
Compass is built on Cloudflare infrastructure, inheriting a hardened, globally distributed platform. Our subprocessor list documents the third parties involved in delivering the service.
View our subprocessors- Cloudflare-native compute and storage
- Globally distributed by design
- Published subprocessor list
- Data-processing terms available
A clear path when something needs attention
If you believe you have found a security issue, we want to hear from you. Reach our team through the contact page and we will follow our incident-response process. A more formal security center will follow as larger clients begin evaluating Compass.
Evaluating Compass for a security review?
We are glad to walk your team through isolation, credential handling, and our data-processing terms in detail.