TierSignals is advisory only and technician controlled. Every recommendation is a card the technician reads, edits, or ignores. No autopilot. No surprises.
Row-level security on every table. Workspace membership is the gate; security-definer helpers prevent recursive policy bugs.
Owner, admin, technician roles enforced server-side. Privileged server functions verify the caller and role.
TierSignals does not create accounts, reset passwords, change permissions, or modify configuration on client systems.
Bot lifecycle, webhook receipts, signal feedback, and admin actions write to audit logs with timing and actor.
Inbound Recall webhooks verify Svix-compatible HMAC signatures with timing-safe comparison; rejected events are logged.
Recall, OpenAI, and webhook secrets live in Edge Function secrets only — never in frontend code or normal tables.
We design TierSignals to pass the same review you'd give any production tool that sits beside your service desk. RBAC, RLS, encryption, and an audit trail aren't flagship features — they're the floor.
Every customer dataset is scoped to a workspace and protected by row-level security. Retention windows are configurable per workspace.
| Dataset | Scope | Retention |
|---|---|---|
| Transcript snippets | Workspace-isolated | Configurable (default 90 days) |
| Signal feedback | Workspace-isolated | Configurable (default 12 months) |
| Ticket note drafts | Workspace-isolated | Retained until manually deleted |
| Audit logs | Workspace-isolated | Configurable (default 12 months) |
| Client Context Packs | Workspace-isolated | Retained until manually deleted |
Customer-controlled deletion is supported per workspace from the Production Readiness page.