Security & scope

Safe to run beside an MSP service desk.

TierSignals is advisory only and technician controlled. Every recommendation is a card the technician reads, edits, or ignores. No autopilot. No surprises.

Workspace isolation

Row-level security on every table. Workspace membership is the gate; security-definer helpers prevent recursive policy bugs.

Roles & least privilege

Owner, admin, technician roles enforced server-side. Privileged server functions verify the caller and role.

Advisory only

TierSignals does not create accounts, reset passwords, change permissions, or modify configuration on client systems.

Audit logs

Bot lifecycle, webhook receipts, signal feedback, and admin actions write to audit logs with timing and actor.

Signed webhooks

Inbound Recall webhooks verify Svix-compatible HMAC signatures with timing-safe comparison; rejected events are logged.

Secret handling

Recall, OpenAI, and webhook secrets live in Edge Function secrets only — never in frontend code or normal tables.

What TierSignals does
  • Suggests sharper diagnostic questions tied to the live conversation
  • Surfaces client-specific procedures, approval rules, and approved vendors
  • Flags missing information before escalation
  • Drafts escalation handoff notes with the context Tier 2 needs
  • Drafts ticket notes the technician can review and paste into the PSA
What TierSignals will not do
  • Create, modify, or disable user accounts
  • Reset passwords or change MFA factors
  • Change permissions, group memberships, or roles
  • Modify configuration on client systems
  • Open, update, or close tickets on behalf of the technician
Compliance posture

Production controls from day one.

We design TierSignals to pass the same review you'd give any production tool that sits beside your service desk. RBAC, RLS, encryption, and an audit trail aren't flagship features — they're the floor.

Encryption at restPostgres-managed AES-256 for all customer data.
Encryption in transitTLS 1.2+ on every connection, including webhooks and bot ingestion.
Access controlRBAC with three roles; admin scope required for context, settings, and integrations.
Tenant isolationRLS gate on every table; security-definer membership helpers.
Webhook integritySvix-compatible HMAC verification with timing-safe comparison.
Audit trailEvery privileged action and webhook event written with actor + timing.
Data inventory

What we store and for how long.

Every customer dataset is scoped to a workspace and protected by row-level security. Retention windows are configurable per workspace.

DatasetScopeRetention
Transcript snippetsWorkspace-isolatedConfigurable (default 90 days)
Signal feedbackWorkspace-isolatedConfigurable (default 12 months)
Ticket note draftsWorkspace-isolatedRetained until manually deleted
Audit logsWorkspace-isolatedConfigurable (default 12 months)
Client Context PacksWorkspace-isolatedRetained until manually deleted

Customer-controlled deletion is supported per workspace from the Production Readiness page.