Security

How ContextQ protects your data. Built for teams with compliance requirements.

Data Isolation

Multi-tenant architecture with Row-Level Security (RLS) in PostgreSQL. Each tenant's data is strictly isolated at the database layer using tenant_id policies. No cross-tenant data leakage is possible — queries are automatically scoped to the authenticated tenant, enforced by PostgreSQL itself.
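A sketch of tenant_id-scoped Row-Level Security in PostgreSQL, added here as an illustration and not ContextQ's own schema. The table contexts, the role app_user, the setting app.tenant_id and the sample UUIDs are assumed names and constructed values.

```sql
-- Added illustration: all object names and UUIDs below are assumptions.
CREATE TABLE contexts (
    id        bigserial PRIMARY KEY,
    tenant_id uuid  NOT NULL,
    title     text  NOT NULL,
    body      bytea
);

-- ENABLE turns policies on; FORCE applies them to the table owner as well,
-- who would otherwise bypass RLS silently.
ALTER TABLE contexts ENABLE ROW LEVEL SECURITY;
ALTER TABLE contexts FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted.
-- WITH CHECK rejects inserts and updates that would write another tenant's id.
-- An unset setting yields NULL and a reset one yields '', so NULLIF makes
-- both compare as NULL and the session matches no rows (fail closed).
CREATE POLICY tenant_isolation ON contexts
    USING (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application role must be neither superuser nor BYPASSRLS,
-- since both skip every policy.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON contexts TO app_user;
GRANT USAGE ON SEQUENCE contexts_id_seq TO app_user;

-- Request for tenant A. The application sets app.tenant_id from the
-- authenticated session, never from client-supplied input; the third
-- argument (true) limits the setting to this transaction.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO contexts (tenant_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'tenant A note');
COMMIT;

-- Request for tenant B. The query has no WHERE clause, yet the policy
-- restricts it to rows whose tenant_id matches this transaction's setting.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '22222222-2222-2222-2222-222222222222', true);
SELECT id, title FROM contexts;
COMMIT;
```

When reviewing a deployment like this, check that the role the API connects as has rolsuper and rolbypassrls both false in pg_roles and that relforcerowsecurity is true in pg_class for every tenant table.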

Content Encryption

Pro and Enterprise plans include AES-256 content encryption with tenant-managed keys. Content is encrypted before storage — Henia cannot read your context content. Metadata (titles, tags) remains plaintext for search functionality.

Encryption keys are managed per-tenant. If you rotate or lose your key, previously encrypted content cannot be decrypted. Key management is your responsibility.

Authentication

  • JWT tokens — httpOnly cookies with short expiry for dashboard sessions. Tokens are not accessible via JavaScript.
  • API keys — Bearer tokens for programmatic access. Keys are bcrypt-hashed in the database; plaintext is shown only once at creation.
  • Password storage — No passwords stored in plaintext. All passwords are hashed with bcrypt using an appropriate cost factor.

Infrastructure

  • Marketing site hosted on Cloudflare Pages. API and database on dedicated VPS infrastructure.
  • PostgreSQL 17 with encrypted connections.
  • Elasticsearch 8.17 with TLS.
  • All traffic over HTTPS / TLS 1.2+.

Responsible Disclosure

If you discover a security vulnerability, please email security@contextq.dev. We aim to respond within 48 hours. No bug bounty program currently, but we acknowledge all valid reports.

Compliance

GDPR-aware data handling. Users can request full data export or deletion at any time. Our Privacy Policy governs data retention and processing. We do not sell or share your data with third parties.