Concepts

Security & data

Ventura holds sensitive firm data — client files, economics, and relationships. Protection is built into the data model, not bolted on as UI checks.

Multi-tenancy

Every firm's data is isolated. A user belongs to a firm through their membership, and every query is scoped to that firm — there is no shared view across firms. Configuration like fiscal-year start and service-line taxonomy is per-firm, so one firm's setup never affects another.

Row-level security

Isolation is enforced at the database with row-level security (RLS), not in application code. Even with a valid login, a request only returns rows the policy allows: your firm, and — for operational records — the engagements you're assigned to. A direct link to a record you aren't entitled to simply returns nothing.

Economics protection

Dollar figures — rates, time value, cost, margin, WIP, A/R, recovery, realization — live in separate, finance-gated tables that only partner and finance roles can read. Everyone else sees the work and the hours, never the dollars. Because the data is physically separated rather than hidden, a non-finance role has nothing to leak.

Email: metadata vs content

Auto-capture logs touches against people you track using message metadata — who, when, subject line — to keep relationship and client timelines current. It is scoped by a per-account business gate so personal mail stays out, and it is designed around metadata rather than reading and storing full message bodies.

Integrations

Google, Microsoft, and Xero connect through OAuth — you grant access and can revoke it from the provider at any time. Tokens are stored per firm and used only for the syncs described in Integrations. Ventura requests the narrowest scopes that make a feature work.

Access model

Who can do what is governed by the seven-role model plus assignment, all enforced in the database. See Roles & access for the full matrix.