enforced at the database, the action layer, and CI
Annual replacement at parity if you bought the equivalent tools and services separately. Custom-building this one feature alone would land in our Large build band ($80k–$180k). Source ladder + per-line citations on methodology .
Concretely, what you get
- organization_id on every client-owned row.
- Postgres Row-Level Security policies — no query without org context can read another org’s data.
- Server-action defense-in-depth — every read/write asserts org match.
- CI static check — PRs missing the org predicate fail the build.
- Embeddings namespaced per organization in pgvector.
- Audit log of every staff impersonation — visible in your own audit trail.
- Plain-English Privacy page in your portal restating the guarantee.
The shelf-of-tools this one offering removes
Categories, not brand names — pricing benchmarks observed from public pricing pages, agency proposals, and freelance rates current to the year. Every range is backed by a line-by-line worksheet you can audit once your trial is live.
| What you'd otherwise buy | Type | Typical price |
|---|---|---|
| A custom multi-tenant data-isolation build | Build | $80k–$180k |
| A compliance audit firm validating the same posture | Specialist | $20k–$80k per audit |
What you'd pay elsewhere vs. what this costs you here
Vendor ranges observed from public pricing pages and agency proposals, current to the year. Full source worksheet shared with you once your trial is live.
What it adds to your business in dollars
You’re trusting us with your customer records, your job archive, your pricing, your ad winners. The promise that "your data is yours" only matters if it’s enforced — and it is, at every layer.
Three or four moves. Then you walk away.
You: Nothing.
System: The invariants hold whether you think about them or not. Your Privacy page restates them in plain English.
The outcomes this feature feeds into
Before you ask
Can I export everything?
Yes — at any time, from Settings → Privacy. A zip of every client-owned row + every asset in S3, delivered within 7 days. Account deletion hard-deletes within 30 days; legal-retention copies are sealed to a separate audit table.
What about Homericly staff impersonation?
Read-only by default. Read-write requires admin authorization + an audit reason. Banner is always shown while impersonating; the impersonation event appears in your own audit log.
Do you train AI models on my data?
No. Never. Your data serves your business and only your business — it’s never used to train shared models, never aggregated across clients, never surfaced anywhere outside your account.
How do I know the CI check actually runs?
Every PR shows the check in the GitHub UI; the check is open-source within the repo so any auditor you bring in can verify. We don’t hide compliance behind a black box.
What happens if there’s ever a breach?
Disclosed inside 72 hours, scoped to whichever client(s) were affected, with the technical details and the remediation. We don’t do silent breaches. (Hasn’t happened. Pre-committed posture.)
Walk through the isolation that keeps your data serving only your business.
Then sign on knowing it stays that way.
No credit card. No strings. We stand the whole platform up on a subdomain alongside your existing site so you can compare the numbers directly — leads, bookings, ticket size. The Standard guarantee covers cancellation between day 90 and day 180 at full refund.