Security at sSystm

Zero trust isn't our policy.
It's our architecture.

Most platforms protect one big database and hope the walls hold. sSystm never built the big database: every organisation’s records live in their own D1, on their own Cloudflare account. The blast radius of any incident is one tenant — by construction.

[Diagram]
Conventional platform: everyone.db. One database. Everyone's blast radius.
sSystm: Isolated vaults. Blast radius: one tenant.

  • Org A · own Cloudflare account · D1 · sstm-a7f2c1 · jurisdiction: eu
  • Org B · own Cloudflare account · D1 · sstm-b31e9d · jurisdiction: eu
  • Org C · own Cloudflare account · D1 · sstm-c58a44 · jurisdiction: eu

The actual provisioning model: a dedicated D1 per organisation, on that organisation's own Cloudflare account — verified against the code.

The architecture

Six walls,
all load-bearing.

None of this is a compliance checkbox bolted on afterwards. Each one is how the platform is built — and each claim below is verifiable in the product.

01

Your data has no neighbours.

Every organisation gets its own D1 database on its own Cloudflare account. One tenant’s incident stays one tenant’s incident — and if a connection breaks, the API fails closed.

getByocDb(org) → your D1, on your account

02

EU means EU. Enforced.

Pick the EU at sign-in and your database is created with D1’s jurisdiction guarantee — infrastructure, not a privacy-policy promise. Verified after creation, immutable forever.

create { jurisdiction: "eu" } · verified after creation

03

21 keys. Never a master key.

No broad API key — the OAuth grant asks for 21 fine-grained scopes, each risk-labelled honestly: safe, risky or destructive. Read the full table before you grant anything.

21 scopes · 8 groups · risk-labelled in the docs

04

Tokens a database can’t leak.

Your Cloudflare tokens are AES-256-GCM-encrypted with a fresh IV each, under a key that lives only as a server secret. Decrypted the moment an action runs — never before.

AES-256-GCM · random 96-bit IV per token
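
A sketch of the token-at-rest scheme described above, using the Web Crypto API that Workers expose. It is an added example, not sSystm's code: the function names, the record layout (IV followed by ciphertext) and the use of the organisation id as additional authenticated data are assumptions.

```javascript
// Added example, not sSystm's code. Names, record layout and AAD use are assumptions.
async function webCrypto() {
  // Workers and recent Node expose globalThis.crypto; older Node needs the module.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const utf8 = new TextEncoder();

// rawKey: 32 bytes (AES-256), held as a server secret and never stored with the data.
async function importKey(rawKey) {
  const c = await webCrypto();
  return c.subtle.importKey('raw', rawKey, { name: 'AES-GCM' }, false, ['encrypt', 'decrypt']);
}

// Returns IV || ciphertext || 128-bit tag as one Uint8Array, ready for a database column.
async function sealToken(key, orgId, token) {
  const c = await webCrypto();
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh random 96-bit IV per token
  const params = { name: 'AES-GCM', iv, additionalData: utf8.encode(orgId) };
  const ct = new Uint8Array(await c.subtle.encrypt(params, key, utf8.encode(token)));
  const record = new Uint8Array(iv.length + ct.length);
  record.set(iv, 0);
  record.set(ct, iv.length);
  return record;
}

// Decrypts at the moment of use. Rejects if the record was altered or belongs to another org.
async function openToken(key, orgId, record) {
  const c = await webCrypto();
  const params = { name: 'AES-GCM', iv: record.slice(0, 12), additionalData: utf8.encode(orgId) };
  const pt = await c.subtle.decrypt(params, key, record.slice(12));
  return new TextDecoder().decode(pt);
}
```

Because the organisation id is authenticated but not stored in the record, a ciphertext copied into another tenant's row fails to decrypt instead of yielding a usable token.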

05

No passwords. Nothing to phish.

One way in: Sign in with Cloudflare. No password form, no credential database to dump — your MFA and passkeys stay where they already live. Revoke the grant, and sSystm is out.

one way in: Cloudflare OAuth

06

The AI asks first.

AI-proposed infrastructure operations are risk-classified — and anything not provably read-only waits as pending until a human approves. Who, when and every API call: recorded.

risky | destructive → pending_approval, always
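
One way to build the gate described above, as an added example that is not sSystm's code. The operation shape, the method-based classification rule and all names are assumptions; the point shown is that anything outside the read-only allowlist, including malformed input, defaults to `pending_approval`.

```javascript
// Added example, not sSystm's code. Operation shape, rules and names are assumptions.
const READ_ONLY_METHODS = new Set(['GET', 'HEAD']);

// Classify a proposed API call. Unknown or malformed input is never 'safe'.
function classify(op) {
  const method = String(op?.method ?? '').toUpperCase();
  if (READ_ONLY_METHODS.has(method)) return 'safe';
  if (method === 'DELETE') return 'destructive';
  return 'risky'; // POST, PUT, PATCH and anything unrecognised
}

class ApprovalGate {
  constructor(execute) {
    this.execute = execute; // callback that performs the API call
    this.ops = new Map();   // id -> operation record
    this.audit = [];        // append-only trail: who, when, what
    this.nextId = 1;
  }
  log(event, id, actor) {
    this.audit.push({ event, id, actor, at: new Date().toISOString() });
  }
  // Called with an AI proposal. Only 'safe' operations run without a human.
  propose(op, agent) {
    const id = this.nextId++;
    const risk = classify(op);
    const rec = { id, op, risk, status: risk === 'safe' ? 'executed' : 'pending_approval' };
    this.ops.set(id, rec);
    this.log('proposed', id, agent);
    if (risk === 'safe') {
      rec.result = this.execute(op);
      this.log('executed', id, agent);
    }
    return rec;
  }
  // Called by a human. An operation can leave 'pending_approval' exactly once.
  approve(id, human) {
    const rec = this.ops.get(id);
    if (!rec || rec.status !== 'pending_approval') throw new Error('not pending');
    rec.status = 'executed';
    this.log('approved', id, human);
    rec.result = this.execute(rec.op);
    this.log('executed', id, human);
    return rec;
  }
}
```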

Isolation in depth

Four layers between
you and everyone else.

Tenant isolation isn't one wall — it's the same principle repeated at every layer of the stack: database, queries, vector search and real-time.

Scoped at every layer.

A single tenant boundary can fail. sSystm draws the same boundary four times, in four different systems — straight from the code:

  1. A database per tenant. The API resolves your organisation’s own D1 database on your own Cloudflare account for every request that touches your records — and fails closed if it can’t.
  2. Org-scoped by construction. Every MCP token maps to one user in one organisation, and every query is scoped server-side. Your AI structurally cannot reach another organisation’s data with your token.
  3. Vector search in true partitions. Component embeddings live in a Vectorize namespace per organisation — a real partition, not a metadata filter. A search in your namespace physically cannot return anyone else’s vectors.
  4. Real-time rooms, one per org. Durable Objects — the agent runtime, the chat rooms — are addressed by your organisation’s id. The same org always reaches the same isolated instance; no one else can.

one request · four boundaries
request from: org acme · token maps to exactly one org
resolve database
→ acme's own D1, on acme's account · jurisdiction: eu
vector search "pricing card"
namespace: acme — a real partition, only acme's vectors
real-time room
idFromName("acme") — the same isolated instance, every time
✗ reach another org's data
No path exists. The isolation is structural, not a WHERE clause.

The ground it stands on

  • Everything runs on Cloudflare’s edge network — Workers for compute, D1 for data, Vectorize for embeddings, Durable Objects for real-time. No servers of ours to patch, no disks of ours to lose.
  • Your infrastructure provider is Cloudflare — the same platform your own sites likely already trust — and your sSystm resources sit in your own Cloudflare account, visible in your own dashboard.
  • BYOC means the exit is built in: revoke the OAuth grant in your Cloudflare dashboard and sSystm is locked out. Your database, and your data, stay with you.

One honest note: we don't wave compliance badges we haven't earned. What we claim is architecture — and every claim on this page can be checked against the product. For the contractual side, see our Data Processing Agreement.

What we're building next

Security is a direction, not a checkbox.

The foundation above is live. On the road ahead, in the open: hardening session management, and extending the audit trail that already covers agent operations — who ran what, when, with every API call recorded — into one audit surface across the whole workspace.

Follow the changelog
Security · BYOC by design

Own your stack.
Sleep at night.

Early access is rolling out gradually. Join the waitlist and your workspace is provisioned on your own Cloudflare account, in the region you choose — with every wall on this page already standing.

When you're in: no email, no password — one Cloudflare grant · core workspace free · your data lives in your own account