Skip to main content

Security Overview

Qefro security is built around tenant isolation, workspace boundaries, least-privilege access, and auditable Business Actions. This page summarizes controls that exist in the running product on app.qefro.com / api.qefro.com — not aspirational marketing claims.

Short definition (citation-ready)

Qefro isolates each organization (tenant) and further scopes knowledge, tools, and conversations to AI Workspaces, with encrypted tool secrets, SSRF-aware egress, optional end-user identity forwarding, and organization plus tool execution logs.

Control map

ControlWhat it protectsDocs
Tenant isolationCross-customer data leakageTenant Isolation
Workspace isolationCross-team knowledge/tool leakageAI Workspaces
RBAC + TeamsWho can configure vs chat internallyRBAC
Encrypted secretsAPI keys for Business ToolsSecrets
SSRF-aware egressUnsafe tool / webhook destinationsBusiness Actions
Identity forwardingConfused-deputy tool callsIdentity Forwarding
Audit + tool logsWho changed what; which tools ranAudit Logs
Auth rate limitsCredential stuffing / abuseAPI Authentication
Webhook signaturesForged billing / channel eventsWebhooks
Compliance postureQuestionnaires, DPA, roadmapCompliance

Architecture

Threats we design for

ThreatMitigation in Qefro
Org A reads Org B knowledgeTenant-scoped APIs and indexes
Public widget reads HR PDFsSeparate Customer vs Employee workspaces
Chat triggers privileged refundsLeast-privilege tools; avoid write tools on public workspaces
Tool URL hits cloud metadataSSRF / DNS controls on egress
Keys in browser or promptsServer-side encrypted secrets
Unaudited model writesTool execution logs + org audit logs

Deeper agent threat model: AI Agent Security.

Security review workflow

Run a security review before production

  1. Classify dataWhich docs and tool responses are public vs internal vs regulated?
  2. Split workspacesCustomer Support vs HR/IT — never one mega-index.
  3. Lock RBACOwners/Admins configure; Members only see granted workspaces.
  4. Scope toolsRead-only first; encrypt secrets; enable identify() where needed.
  5. Prove with logsSample org audit logs and tool executions during pilot.

What is implemented vs roadmap

AreaStatus
Multi-tenant + workspace isolationImplemented
Encrypted Business Tool credentialsImplemented
SSRF-aware tool / webhook egressImplemented
Widget identify() identity forwardingImplemented
Org audit logs + tool logsImplemented
Auth abuse rate limitsImplemented
Razorpay webhook signature verifyImplemented
SOC 2 Type IIRoadmap — ask Sales for timeline
SSO / SAMLRoadmap — Enterprise discussions

Practical API checks

# Organization audit trail (Admin/Owner JWT)
curl -sS -H "Authorization: Bearer $USER_JWT" \
https://api.qefro.com/api/v1/org/audit-logs

# Tool execution history for a Business Tool
curl -sS -H "Authorization: Bearer $USER_JWT" \
https://api.qefro.com/api/v1/tools/$TOOL_ID/logs

Best practices

  • Separate staging and production organizations when feasible
  • Prefer read-only Business Tools until citation quality is proven
  • Re-review OpenAPI imports for overly broad write operations
  • Treat uploaded documents as untrusted input when tools are enabled (prompt injection)

FAQ

Is Qefro SOC 2 certified today?
SOC 2 is on the roadmap. Contact Sales for the current timeline and interim questionnaire support.
Where should a security review start?
Tenant/workspace isolation, then tool scopes and secrets, then identity forwarding, then logs.
Does Qefro store my CRM data?
Your CRM remains the system of record. Tool responses may appear in conversation transcripts — design retention with your security team.