Security & Compliance
How Guardix protects your data and supports your compliance obligations, from encryption to access control.
Request detailsHow we protect your data
Guardix is built with least-privilege access, encryption in transit and at rest, and scoped permissions that keep each tenant and client portal isolated.
- Encryption in transit and at rest
- Role and scope-based access control
- Tenant and client-portal data isolation
- Audit trails across operational events
Standards and certifications
We align our practices with SOC 2, GDPR, and CCPA expectations. Reach out for our current documentation and trust details.
What isolation looks like
Encrypted by default
Every byte encrypted in transit and at rest — no configuration required.
Every access logged
Sensitive reads and admin actions land in a tamper-evident trail.
Scoped at the data layer
Queries filter to your tenant; client portals see assigned sites only.

One tenant, one boundary
Every request carries an organization-scoped token, every query is filtered to your tenant, and every sensitive access lands in an audit trail. Isolation isn't a setting someone has to remember — it's the default shape of the system.
- Organization-scoped tokens on every API request
- Role-scoped queries enforced at the data layer
- Audit trails across operational and admin events
Security posture, not security theater
- Shared logins and spreadsheet exports
- One access level for everyone
- Data location and retention unclear
- SSO via OIDC with per-user identities
- Scoped permissions enforced at the data layer
- Tenant-isolated data with audited access
“Procurement's security questionnaire took an afternoon instead of a month.”
Common questions
You asked
Common questions
We answered
Only your tenant's users, scoped by role. Client portal users see assigned sites only.
Logto-backed SSO with organization-scoped tokens; permissions are enforced server-side per request.
Yes — your data is yours. Reports and raw exports are available on request and via the API.
