aqili next
Operator sign in

Security

Secure and accountable, by default.

Aqili Next handles the financial data behind your monthly parking revenue. We treat that responsibility as a foundation of the product — tenant isolation, encryption, single sign-on, audit logging, and AI that can't act without a human — not as features bolted on later.

Tenant isolation by design

Every row is scoped with Postgres row-level security. Operators can never read or write each other's data — isolation is enforced at the database, not just the application.

SSO and scoped access

SAML/OIDC single sign-on, least-privilege roles, and API keys scoped to exactly what an integration needs. Disable access in one place when someone leaves.

Complete audit log

Every meaningful action — by a user or an agent — is recorded with who, what, and when, and is replayable for investigation and compliance.

AI with a human gate

Agents propose; people approve. No agent writes data without explicit human approval, and every run is logged. We don't train third-party models on your data.

Encryption everywhere

Data is encrypted in transit (TLS) and at rest. Secrets are managed with cloud key management and least-privilege service identities.

Hardened integrations

Outbound connections are validated to block access to internal metadata and private networks, and redirects are constrained — defense against SSRF and data exfiltration.

Our practices

Enterprise foundations you can verify.

We're happy to walk security and IT teams through our architecture, data flows, and controls during evaluation. Reach out and we'll set up a review.

Email our security team
  • Multi-tenant SaaS with row-level security on every tenant-scoped table
  • Single sign-on via SAML and OIDC; enforced MFA through your identity provider
  • Encryption in transit (TLS 1.2+) and at rest; managed keys via cloud KMS
  • Least-privilege access for staff, with break-glass procedures and logging
  • Continuous backups with point-in-time recovery and tested restores
  • Runs on Google Cloud and Microsoft Azure with managed, patched infrastructure
  • Secure SDLC: code review, dependency scanning, and infrastructure as code
  • Audit logging across users and agents, retained and exportable

Compliance and reporting

We align our controls with industry frameworks and can share our security documentation, data processing terms, and sub-processor list under NDA. See our Privacy Policy and Sub-processors for details.