Tenant isolation by default
Every query is scoped to an organization. Superadmin impersonation is explicit and double-logged.
BOILERPLATE
Ship multi-tenant SaaS, audit-ready from day one
A reusable, SOC 2-oriented Next.js boilerplate with authentication, organizations, role-based access, audit logging, internationalization, theming, and cookie consent — built in.
Immutable audit trail
Every mutation writes an append-only audit log with actor, role, target, and outcome. Your security review becomes a conversation.
RBAC out of the box
Five roles, permission matrix, deny-by-default guards. Permissions are stable strings — features check them, not roles.
i18n & theming
English and French at launch, more in one line. Light and dark themes via shared design tokens. Cookie consent meets GDPR and Quebec Law 25.