Security & Trust
Globalesm One is built for consultancies that handle their clients’ money, contracts, and people data. Here’s how we keep that data isolated, encrypted, recoverable, and yours.
Per-tenant isolation
Every tenant table is protected by PostgreSQL Row-Level Security (RLS), and every query is scoped to your organization. One tenant can never read or write another tenant's rows — the boundary is enforced in the database, not just the app.
Encryption everywhere
Your data is encrypted at rest on AWS RDS and in transit over TLS. Credentials for connected integrations are stored encrypted, not in plaintext.
Backups & recovery
Automated RDS backups are retained for 30 days with point-in-time recovery, so we can restore to a specific moment rather than just the last nightly snapshot.
Append-only audit trail
Every mutation writes to an append-only audit log capturing the actor, IP address, user-agent, and a before/after diff of what changed. The trail is retained and queryable for investigations and compliance.
Least-privilege access control
Role-based access control (CASL) is enforced at the procedure level, with granular per-role permissions. Users — and any AI clients acting on their behalf — can only do what their role allows.
Authentication
Sign-in is backed by AWS Cognito. Our own staff identity runs through SSO/SAML via IAM Identity Center. SAML SSO is available for Enterprise customers — talk to us and we'll set it up with you.
Your data, your call
GDPR-style full-tenant data export and deletion on request, plus one-click CSV export of your data from inside the app. There's no lock-in: if you ever leave, you leave with your data.
Operational visibility
Error tracking with Sentry, an x-request-id stamped on every request for end-to-end tracing, and CloudWatch alarms so we catch problems before you have to report them.
Privacy & data ownership
Your organization owns its data. We don’t sell it, and we don’t use your content to train AI models. You can export a full tenant bundle or one-click CSVs of your records at any time, and request deletion when you’re done. For the full detail on what we collect and how we process it, see our Privacy Policy and Terms of Service.
What’s new
Recent improvements we’ve shipped, newest first.
This release
White-label branding
Put your own logo and colors on the app and on client-facing invoice PDFs and portals.
This release
Restaurant operations module
A dedicated ops surface for restaurant clients, alongside the core consulting workflows.
Last release
HubSpot-style sales pipeline
A drag-and-drop pipeline board with embeddable lead-capture forms; won deals become projects without re-keying.
Last release
GDPR export & deletion
Self-serve full-tenant data export bundles and deletion-on-request, from Settings → Privacy.
Earlier
Append-only audit log
Actor, IP, user-agent, and before/after diffs captured on every mutation — retained and queryable.
Earlier
Stripe billing
Per-seat subscription billing and card payments through a hosted, secure checkout.
Ready to put your consultancy on one secure platform?
Start a 14-day free trial — no credit card required. Need SAML SSO or a security review first? We’re happy to walk through it.