Security
Security posture built around finance workflow control, not just a login screen.
Docsift is being built for finance teams that need practical controls around document handling: company-scoped access, private file storage, review gates, and a traceable export path.
Security for this kind of workflow is not one checkbox. It is a chain: access control, storage isolation, review discipline, auditability, and operational safety around the jobs that keep the workflow moving.
At a glance
Membership-backed row-level security instead of UI-only access checks.
Invite-only authentication with formal invite and password recovery flows.
Operational queue jobs protected by shared secrets and documented scheduler controls.
Current security posture
Invite-only authentication
The current auth model is invite-only email-and-password access. Public self-sign-up is intentionally disabled, and password setup or reset routes are controlled through secure email actions.
Company-scoped data isolation
The application is built around company memberships and row-level security so the tenant boundary is enforced at the data layer instead of only in frontend conditions.
Private attachment storage
Documents and related attachments are stored in private object storage with company-scoped access controls, which reduces the risk of exposing finance files outside the intended tenant.
Auditable mutations
Sensitive workflow steps such as approvals, settings changes, and export activity are designed to remain auditable so support and finance teams can reconstruct what happened.
Operational controls
Protected scheduler routes
Background processing and maintenance routes are protected with a shared secret and are intended to be triggered by the scheduler instead of being left open for arbitrary public execution.
Optional AI with cost boundaries
AI extraction runs only when the company enables it. Budget thresholds and block modes are available so extraction does not become an uncontrolled hidden dependency.
EU-first deployment posture
The current product plan is built around an EU-first data plane while still supporting US customers at launch from the same hosted baseline.
Legal and procurement support
Public trust material now includes privacy, terms, DPA, subprocessors, and retention pages so diligence starts from a documented baseline rather than ad hoc answers.
Frequently asked questions
Is public self-sign-up enabled?
No. The current model is invite-only. Accounts are created through protected admin workflows rather than open public sign-up.
Are files public?
No. Attachments are designed for private storage with company-scoped access rules.
Can the workflow run without AI?
Yes. AI is optional, and the product keeps manual intake, review, approval, and export available when AI is off.