NDA-grade isolation by default.
You're handling CIMs and financials under signed NDAs. Every design choice in SoloSearcher assumes the next person to look at your data shouldn't be able to — whether that's another customer, our team, or a compromised dependency.
Per-user keys
Every NDA-sensitive column is AES-256-GCM encrypted with a per-user data-encryption key. No cross-user decryption is possible without user context.
Every touch recorded
Partitioned audit logs capture who saw what and when — rate-limit hits, admin break-glass reveals, every request that crosses the NDA boundary.
Clerk-backed auth, MFA-gated
Session auth via Clerk. MFA enrollment is prompted early and required within 14 days. API keys are Argon2-hashed at rest.
Crypto-shred on request
Account deletion shreds your encryption key. The ciphertext that remains in backups is unreadable — not because we promise, but because no key exists to decrypt it.
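The per-user key and crypto-shred properties described above, shown in Go as an added example (not SoloSearcher's code). `KeyStore`, its methods and `fresh` are hypothetical names; the in-memory map stands in for a real key store, and binding the user ID as GCM associated data is an assumption of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type KeyStore map[string][]byte // hypothetical in-memory store: user ID -> 32-byte key

func fresh(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without the OS CSPRNG
	}
	return b
}

func (ks KeyStore) NewUser(id string) { ks[id] = fresh(32) } // per-user AES-256 key
func (ks KeyStore) Shred(id string)   { delete(ks, id) }     // crypto-shred: drop the key

func (ks KeyStore) aead(id string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(ks[id]) // unknown or shredded user: nil key, rejected
	if err != nil {
		return nil, fmt.Errorf("no usable key for %q: %w", id, err)
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag, binding the user ID as associated data.
func (ks KeyStore) Seal(id string, plain []byte) ([]byte, error) {
	a, err := ks.aead(id)
	if err != nil {
		return nil, err
	}
	nonce := fresh(a.NonceSize()) // fresh random nonce for every value
	return a.Seal(nonce, nonce, plain, []byte(id)), nil
}

// Open decrypts a stored value in the context of exactly one user.
func (ks KeyStore) Open(id string, blob []byte) ([]byte, error) {
	a, err := ks.aead(id)
	if err != nil || len(blob) < a.NonceSize() {
		return nil, fmt.Errorf("cannot decrypt for %q", id)
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], []byte(id))
}

func main() { fmt.Println(KeyStore{}.Open("nobody", nil)) } // no key, so no plaintext
```

A value sealed for one user fails to open under another user's key, and fails for everyone once `Shred` has run.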