Isolation you don't have to trust. The database enforces it.
TTSAI is built for organisations that cannot compromise on data control. Brand isolation is not a setting you hope is respected: it is enforced by the database on every query.
The wall is in the database, not in the menu.
Every record carries its organization and brand. Force row-level security is applied on 101 tables, and the application connects as a restricted database role that is neither owner nor superuser - a boot guard refuses to start under any role that could bypass row-level security. Hiding a menu is never the security boundary: the database itself refuses to return another brand's rows. Even platform super-admin access is policy-checked and audited, never a silent bypass.
Four policy paths, checked on every query: own brand, org admin, shared-in read-only, and audited super-admin. There is no fifth path.
Nothing crosses a brand line unless you open it.
When you do want to share, a single grid says exactly what (knowledge, macros, contacts), and in which direction. Sharing is read-only for the receiving brand and per resource type. Perfect for agencies and white-label partners: many clients, one team, zero bleed-through.
Exactly the permissions each team needs. Not one more.
Five built-in roles ship as standard: Org Admin, Supervisor, Agent, Light Agent and portal customers who live entirely outside your workspace. The Light Agent can view and note internally but can never reply to a customer or own a ticket. Beyond those, compose your own roles in the custom-role builder, and attach per-field PII rules: contact email and phone Visible, Masked or Hidden per role. A masked field is masked everywhere it appears - lists, search, the case, exports - because masking is applied as the data is served.
One rule, three surfaces: the list, the case and the export mask together, because masking happens as data is served.
MFA for every account. Invites, not open doors.
- TOTP two-factor with QR setup and one-time recovery codes.
- Invite-based onboarding with role and brand access chosen up front.
- Agent presence and scoped sessions.
- SSO (SAML / OIDC). Sign in through your own identity provider - Microsoft Entra, Okta or any OIDC or SAML provider - set up in Settings, with email and password as a fallback.
Who did what, when, to which record. Forever.
Every consequential action is recorded, filterable by action, record, person and brand, with the exact values that changed. Entries can never be edited or deleted, by anyone, including admins - a database-level trigger enforces it, and the audit trail is excluded from tenant retention policies, so history cannot be aged out either; every retention purge leaves its own durable audit line. Export any date range as CSV for an auditor. Even the intake exclusion list writes its drops here, so a blocked sender is never a silent mystery.
Try to edit a row and the log politely refuses. Escalations counted here feed the Escalation Rate KPI.
Subject requests are a workflow, not a scramble.
- Subject-access export: everything held about a person, one file.
- Right-to-be-forgotten erasure with an irreversible-action gate and an anonymisation summary. Stored files and AI-derived data are deleted with it, and version snapshots are scrubbed, so an erasure cannot be undone by a restore.
- Retention policies ("keep this data at most N days") cleaned up on schedule.
- A standing erasure audit as proof of compliance.
Control does not stop at the login screen.
Bring your own AI key, cloud or on your own hardware. Host the whole platform on infrastructure you control: the same images run on a managed cloud or any Docker host. Provider keys, webhook and email signing secrets are sealed with AES-256-GCM envelope encryption, and first-party AI vendors are host-pinned - a custom AI endpoint is honored only with your own key, never the platform's, and internal agent notes are never sent to a model. Attachments are virus-scanned. Public intake is rate-limited and origin-checked, and the chat widget links a conversation to a known customer only through a server-signed identity assertion.