Security
Security that shows its work.
We only claim what we've built. What is shipped is listed as shipped, what is planned is listed as planned, and every claim maps to code you can ask us about.
Only your people see your data
Access is checked on the server for every request, down to individual rows and columns. Guessing links or IDs gets a 404, not your data.
Every change is on the record
Who changed what, when, from where: written to an audit trail that nobody, including us, can edit after the fact.
Accounts are hard to break into
Two-factor sign-in, account lockout after failed attempts, and sessions you can revoke everywhere with one click.
Shipped today
These controls are live and enforced in the product right now.
Password hashing and 2FA
Passwords are bcrypt-hashed, never stored in plain text. Optional TOTP two-factor auth with single-use backup codes.
Scoped API keys
Keys are SHA-256 hashed, shown once at creation, scoped per resource and per workspace, with expiry dates and instant revocation.
Security log with SIEM export
Append-only, company-wide log of sign-ins, permission changes, and key management, with signed webhook streaming and an export API for SIEM tools.
Lockout and rate limiting
Repeated failed sign-ins freeze the account and auth endpoints are rate limited, so brute force gets stopped, not just slowed.
Revocable sessions
Sign out everywhere with one click. Sessions are revoked server-side, and a password change or reset signs out every other device.
Full-chain tenant isolation
Every record lookup verifies the whole ownership chain, record to board to base to workspace. Guessing IDs gets you a 404, not someone else's data.
Layered permissions, enforced server-side
Role-based, row-level, and field-level permissions. Hidden fields are stripped from API responses on the server, not merely hidden in the UI.
Immutable audit trail
Every significant action is logged with before/after snapshots, user, time, and IP. Once written, entries cannot be altered by anyone, including us.
Safe password resets
Reset links are single-use and expire in minutes, and the flow never reveals whether an email address has an account.
SSRF protection
Outbound webhook and automation destinations are validated on every delivery, so requests can never be pointed at internal infrastructure.
Tenant-scoped file storage
Attachment keys are server-generated and scoped to your company. Downloads require permission on the owning board before a single byte streams.
Exports that respect access
CSV export applies the same permission rules as the UI. You only export what you are allowed to see.
Data residency
Sajel runs on dedicated infrastructure: monitored, encrypted, and isolated per deployment. Private cloud hosting in Oman is on the roadmap for teams that need regional residency.
Our posture is compliance-supporting for GDPR and Oman PDPL (Royal Decree 6/2022): role-based access, comprehensive audit trails, and an in-country deployment model with no third-party data egress by default. We do not claim certification, and we say so plainly.
On the roadmap
We build these when a deployment requires them, and we will tell you plainly where anything stands.
SSO (SAML / OIDC)
Enterprise single sign-on, alongside today's email and password with optional TOTP 2FA.
Device-level session controls
Sign-in history and per-device revocation, on top of today's sign-out-everywhere.
Trash and recovery
A grace window to restore deleted records and boards.
Oman private cloud
In-country hosting for deployments that require regional residency.
Evaluating Sajel for a regulated deployment? We answer security questionnaires and walk through the details directly. Talk to us.
Report a vulnerability
Responsible disclosure is welcome. If you find something, tell us privately with a description, reproduction steps, and impact. We aim to acknowledge within one business day and give an initial assessment within three.
security@sajel.omBring your data. We'll keep it yours.
Join BetaFree during beta · No credit card needed