Franexis
    Log inBook a demo

    Security

    Multi-tenant SaaS is a security claim. Here's ours.

    A franchise platform holds many companies' data by definition, so the isolation model is the product. This page describes how Franexis actually enforces it — specifically, not in trust-badge generalities.

    Tenant isolation in the database

    Every business table carries a tenant identifier protected by PostgreSQL row-level security. A franchise brand's data is invisible to every other tenant at the query layer — isolation isn't an application promise, it's a database policy.

    Franchisee-level scoping

    Within a network, franchisee membership scopes what each location's users can reach. Field technicians are scoped tighter still: assignment-based access to their own work orders and jobs.

    Multi-factor authentication

    TOTP-based MFA with hashed recovery codes and administrative reset. Tenants set their own policy — off, required for admins, or required for everyone.

    Roles with server-side enforcement

    Six built-in roles from platform admin to field technician. The UI uses permissions only as affordances — every mutation re-checks authorization server-side through row-level security and scoped functions.

    Hardened API surface

    External API access uses scoped bearer keys with per-key rate limiting (proper 429 + Retry-After) and idempotency. Webhooks are HMAC-signed outbound and HMAC-verified inbound; public forms carry captcha protection.

    Files and audit trail

    Documents, photos, and PDFs live in private storage buckets with path-scoped policies and signed-URL-only access. Administrative and data changes land in an audit log.

    The model

    Who sees what, exactly

    The tenancy model in one pass — this is the structure row-level security enforces on roughly one hundred tables.

    • A tenant is a franchise brand; franchisees are locations within it
    • Platform admins (the operator) manage tenants — tenants never see each other
    • Franchisor roles see across their own network; franchisee roles see their own location
    • Field technicians see work assigned to them — nothing else
    • Mobile app users authenticate as themselves and pass through the same row-level security as the web
    • Data is programmatically yours: documented REST API, webhooks, and exports

    Questions

    Security review?

    Evaluating Franexis for your network and need specifics for a security questionnaire? Contact us — we'd rather answer precise questions than publish vague badges.

    Bring your security questionnaire

    We'll walk your team through the isolation model, auth, storage, and API security — with the actual policies, not a marketing summary.