You’re trusting a. hub with your agency’s finances, your clients’ work, and your team’s records. Here’s exactly how it stays yours — and how we test that, continuously, instead of just claiming it.
Most software asks you to take data separation on faith. We run an automated probe that, on every production release and on a schedule, signs in as one agency and tries to reach another agency’s data across dozens of pages. If it finds a single thing it shouldn’t, the check fails and that build is held.
Our crawls of the live product keep coming back clean — zero cross-agency leaks across 43 pages.
The AI writes in a client’s voice from the material you feed it — but everything it produces is a draft a human reviews. Nothing is ever auto-published, and one client’s brain is never used to inform another’s.
We are not SOC 2 or ISO certified, and we won’t pretend to be. Formal certification is on our roadmap as we grow. Until then, our isolation is enforced in code, re-tested on every release, and backed by encryption, 2FA and an immutable audit log — and you can walk the whole product, on real data, before you pay a cent. One deliberate boundary worth naming: a. hub records payroll as paid but never moves money — there is no bank transfer.
A one-page overview of every control on this page — isolation, encryption, access, audit, backups and our honest boundaries — written for a security reviewer. We’ll also complete your security questionnaire, sign an NDA, and give your team a live login to verify the controls first-hand.
Every row in the database carries an agency id, and every read is scoped to the signed-in agency and fails closed — if the scope is ever missing, it returns nothing rather than everything. Our CI guardrails won't let a build ship an unscoped read or write, and an automated cross-tenant probe plus live-product crawls re-check the isolation — they keep coming back clean.
An automated check that signs in as a demo agency and tries to see another agency's data across dozens of pages. If it detects anything it shouldn't, the check fails and that build is held. It's continuous, verifiable proof — not a one-time promise.
On managed cloud infrastructure from established enterprise providers — encrypted in transit (TLS) and at rest, with automated database backups and point-in-time recovery. We're happy to discuss data residency for your region.
Yes. You can export your data at any time, and on offboarding we export and then remove it on request. Your data is yours.
Yes to both. Send your questionnaire (SIG-lite or your own template) and we'll complete it, and we're glad to sign an NDA. Your team can also take a live demo login to verify the controls first-hand.
Not yet — and we won't imply otherwise. Formal certification is on our roadmap as we scale. In the meantime our isolation is enforced in code, tested on every release, and backed by encryption, 2FA and an immutable audit log.
Only their own account — their reports, approvals, requests and invoices. A client never sees another client, your costs or margins, or any internal note. Portals are strictly read-only.
Encrypted at rest with AES-256, per agency and never shared across tenants. They're decrypted in memory only when used, never logged, and never returned to the browser — and you can revoke any connection at any time.
We’ll email you a login to a fully-loaded demo agency. Walk every screen — the same isolation that protects it protects you.
Explore the live demo →