Your data is sealed, yours, and never sold.
Dwelitics is multi-tenant by design. Every venue is isolated at the database level, you keep ownership of your data, and we never resell it. Here is exactly how.
Tenant isolation by design
Every venue is a separate tenant. Row-Level Security in the database enforces that one organisation can never read another's data — it is a database rule, not an app-layer hope.
You own your data
We read from your existing systems to make them legible. Your operational data stays yours; you can request export or deletion at any time.
No data resale, ever
We do not sell, rent, or share your data with third parties. It is used only to power your own dashboards and intelligence.
GDPR-aligned
Built for EU operators. We process only what is needed, support access and erasure requests, and keep a clear lawful basis for every data flow.
Invitation-only access
There is no public signup. Accounts exist only for team members invited by your organisation, each with a scoped role — no anonymous access to any tenant.
Trusted infrastructure
Hosted on Vercel (application) and Supabase (database + auth) in EU regions, with encryption in transit and at rest handled by those platforms.
One database. Many venues. Zero crossover.
Multi-tenancy is enforced where it cannot be bypassed — the data layer. Every tenant-scoped table carries an organisation id, and Row-Level Security policies tie every query to the authenticated user's organisation. An accidental query for another venue's data returns nothing, by construction.
Tenant isolation is verified, not assumed: auth is enforced server-side, plan entitlements are checked server-side, and no server secret is ever exposed to the browser.
Our security practices
- Row-Level Security on every tenant-scoped table — isolation enforced in the database.
- Authentication and authorization enforced server-side, never client-only.
- Encryption in transit (HTTPS) and at rest, via Vercel and Supabase.
- No server secrets or API keys are ever shipped to the browser bundle.
- Camera processing runs on a local edge device in your venue — video never leaves your premises; AI runs server-side, scoped to your tenant, with keys never exposed to the browser.
- Access is invitation-only with scoped roles; we never co-mingle tenant data in prompts or exports.
Talk to us before you commit.
Want a data-processing summary, an export, or to discuss your specific compliance needs? Reach out — we answer personally.