Security is architecture, not a checkbox
Row-level database isolation, SSO, audit trails, on-call schedules, and multi-level escalation. Built into the foundation, not bolted on after the fact.
Security and isolation
Enterprise customers need more than passwords and permissions. They need architectural guarantees.
Row-level security
Every database query is scoped by tenant at the PostgreSQL level using RLS policies. Data isolation isn't application logic -- it's enforced by the database engine itself.
SSO via OIDC
Agents authenticate through your identity provider. Configure OIDC with your IDP URL, client ID, and secret. Automatic account creation on first SSO login.
Complete audit trail
Every ticket status change, priority update, assignment, tag modification, and SLA breach is recorded with timestamp and actor. Immutable, queryable, exportable.
Project isolation
Separate tickets, channels, tags, SLA policies, knowledge bases, and AI configuration per project. Teams supporting multiple products operate independently within one tenant.
Role-based access control
Three agent roles (admin, manager, agent) with scoped permissions. Customer organization roles (owner, admin, member) for B2B portal access.
Notification delivery log
Track every notification attempt: recipient, event type, channel, delivery status, and error details. Full visibility into what was sent and whether it was delivered.
Database-level data isolation
Osewa uses PostgreSQL row-level security policies to enforce tenant isolation at the database engine level. Every query is automatically scoped by the authenticated tenant's ID. There is no application-level code path that can accidentally leak data between tenants.
- RLS policies on every tenant-scoped table -- enforced by PostgreSQL
- Tenant ID set per-request from JWT claims, not query parameters
- Write policies require exact tenant match -- no cross-tenant writes
- Integration tests verify tenant isolation with real database queries
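A minimal sketch of the pattern in the list above, added here as an illustration and not Osewa's own schema or code. The table `tickets`, the role `app_user`, the setting name `app.tenant_id` and the UUIDs are assumptions, and the application is assumed to have verified the JWT before copying its tenant claim into the setting.

```sql
-- Hypothetical tenant-scoped table (names are assumptions, not Osewa's schema).
CREATE TABLE tickets (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    subject   text NOT NULL
);

ALTER TABLE tickets ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policies to the table owner too, not only to other roles.
ALTER TABLE tickets FORCE ROW LEVEL SECURITY;

-- USING filters the rows a statement can see (SELECT/UPDATE/DELETE).
-- WITH CHECK rejects inserted or updated rows whose tenant_id differs.
-- current_setting() without missing_ok raises an error when the setting was
-- never set, so a request that skipped the tenant step fails closed.
CREATE POLICY tenant_isolation ON tickets
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- The application role must not be a superuser and must not have BYPASSRLS.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON tickets TO app_user;
GRANT USAGE ON SEQUENCE tickets_id_seq TO app_user;

-- Request from tenant A (constructed UUID). set_config(..., true) scopes the
-- value to this transaction, so it cannot leak to the next pooled request.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO tickets (tenant_id, subject)
VALUES ('11111111-1111-1111-1111-111111111111', 'Printer offline');
COMMIT;

-- Request from tenant B: the USING clause hides tenant A's row from the
-- SELECT, and WITH CHECK rejects the INSERT that carries tenant A's id.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', '22222222-2222-2222-2222-222222222222', true);
SELECT id, subject FROM tickets;
INSERT INTO tickets (tenant_id, subject)
VALUES ('11111111-1111-1111-1111-111111111111', 'Cross-tenant write');
ROLLBACK;
```

The tenant B transaction is the shape an isolation test takes: run it against a real database and assert that the read returns no rows and the write raises a row-level security error.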
Operational maturity
Tools for teams that run support as a 24/7 operation.
On-call schedules
Define recurring on-call rotations per department with IANA timezone support. Manage shifts, add rotations, and ensure 24/7 coverage.
Escalation policies
Multi-level escalation chains per department. Each level defines a target (agent or department), timeout, and notification channels. Automatic escalation when unacknowledged.
Business hours
Define working hours per day of week with timezone support. SLA timers only count business hours. Reusable across multiple SLA policies.
Department hierarchy
Organize agents into departments with parent/child relationships. Route tickets to departments, assign escalation policies, and manage on-call per department.
Tickets never get stuck
Define multi-level escalation chains per department. When a ticket goes unacknowledged, Osewa automatically escalates through your chain -- notifying the next level via email, Slack, or in-app.
- Multi-level chains: L1 agent -> L2 team lead -> L3 department head
- Configurable timeout per level (minutes)
- Notification via email, Slack, or in-app per escalation level
- On-call schedules ensure someone is always available