Your data, locked down.

All data in transit is encrypted with TLS 1.3 (HTTPS). OAuth credentials and API keys are encrypted at rest using AES-256-GCM before they ever touch disk. We never store tokens in plaintext.

Each customer organization gets its own dedicated PostgreSQL database. Your data is never co-mingled with other customers’ data — not in the same table, not in the same database, not even in the same schema.

Passwords are hashed with argon2id (the current gold standard). Sessions use short-lived JWT access tokens signed with RS256 (2048-bit RSA), paired with secure httpOnly refresh cookies. No session data is stored in localStorage.

Custom roles with per-page view/edit/none permissions let you control exactly who sees what. System default roles (Admin, RevOps Manager, Marketing Analyst, Sales Manager, Viewer) are created for every new organization.

Elir runs on dedicated hardware, not shared cloud VMs, behind a strict firewall that exposes only the HTTPS and administrative ports required to operate the service.

Root SSH login is disabled. Password authentication is disabled — key-only access. Automatic security updates apply upstream patches on release, and repeated authentication failures are blocked automatically.

Full database backups run automatically every night, compressed, and retained for two weeks. Restore procedures are tested regularly and complete in minutes.

The authenticated Elir application runs no third-party tracking scripts — no Google Analytics, Facebook Pixel, Hotjar, or session recorders. The only cookie the app sets is a secure, httpOnly authentication token. Our public marketing site uses Google Analytics to measure content performance; no analytics run behind the login.