Productbet is built with tenant isolation, encryption, and secure AI processing as foundational design decisions — not afterthoughts.
We enforce strict tenant isolation for all data access and AI processing. Every request is authenticated and scoped to your organization. All database queries filter by your organization ID at the index level, so only your data can be read or written. Integration credentials are encrypted with AES-256-GCM at rest. AI workflows are stateless and tenant-scoped — prompts are constructed from your data only, and nothing persists in memory between invocations. The entire platform runs on a serverless architecture with no shared state between requests.
Strict tenant isolation
Every organization in productbet.io is a fully isolated tenant. When you sign in, your identity token includes your organization ID, which is verified on every single request. All database queries are scoped to your organization using indexed lookups — there is no way for a query to return data belonging to another organization. Document-level ownership checks add a second layer: even if a record ID is guessed, access is denied unless the caller's organization matches the record's owner.
Encryption at rest
All integration credentials — API keys, OAuth access tokens, and refresh tokens — are encrypted with AES-256-GCM before being stored. The encryption key is a server-side environment variable that is never exposed to the client or included in any response. Credentials are decrypted only at the moment they are needed to call a third-party API, and the decrypted values are never persisted or cached.
Authentication and access control
Productbet uses Clerk for authentication. All sessions are JWT-based, issued by Clerk's infrastructure with short expiry windows. Organization membership and role information is embedded in the token and verified server-side on every request. OAuth integrations (Linear, GitHub, Amplitude, Mixpanel, Productboard, Zendesk) use industry-standard OAuth 2.0 flows with PKCE where supported, encrypted state parameters for CSRF protection, and automatic token refresh.
AI processing security
All AI-powered features — signal extraction, clustering, opportunity generation, and the chat assistant — run within tenant-scoped workflows. Your organization ID is carried from the authenticated API request into every background job and serverless function. Data used to construct model inputs is loaded exclusively from your organization's records. AI calls are stateless: prompts are built from scratch on each invocation, and no tenant context persists in memory between requests. Each organization can supply its own OpenAI API key, which is stored encrypted and used only for that organization's processing.
Data isolation in vector search
Signal embeddings and cluster embeddings are stored with your organization ID as metadata. Vector indexes are configured with organization ID as a filter field, ensuring that similarity searches can be scoped to your organization's data. Clusters, signal items, and opportunities are all created and queried within your organization boundary.
Serverless architecture
Productbet runs on Convex, a serverless platform where every function invocation is isolated. There are no long-running servers, no shared in-memory state, and no mutable globals. Each request executes in its own context, loads only the data it needs, and returns. This architecture eliminates entire classes of cross-tenant leakage risks that exist in traditional server setups, such as shared connection pools, thread-local state, or warm container data bleed.
Logging and monitoring
Server-side logs record operational metadata such as function names, timing, item counts, and error messages. Raw user content is not included in error reporting or monitoring dashboards. Integration credentials and API keys are never logged. All logging is server-side only and is not accessible to other tenants.
Technical summary
| Area | Details |
|---|---|
| Authentication | Clerk (JWT, short-lived tokens) |
| Tenant isolation | Organization ID on every query and mutation |
| Credential encryption | AES-256-GCM with server-side key |
| OAuth flows | OAuth 2.0 with PKCE and CSRF protection |
| Backend | Convex (serverless, isolated execution) |
| AI provider | OpenAI (per-tenant keys, stateless calls) |
| Vector search | Org-scoped indexes with metadata filtering |
| Data residency | Hosted on Convex cloud infrastructure |
Questions?
If you have specific security requirements or questions about our architecture, reach out at hello@productbet.io and we will provide details relevant to your organization.