Security & tenant isolation

Your fleet's data,
in its own room.

Multi-tenant on Azure. Your fleet's records sit in their own partition, behind your identity provider, with the OEM manuals we load on your behalf living in storage that has your name on it. Nothing crosses to another customer's data. Ever.

ISOLATION

Your data doesn't
share a wall.

Multi-tenant means we share infrastructure. It doesn't mean we share data. Isolation is enforced at the data layer, not just the screen. Three boundaries do the work.

Operational data

Partitioned
by tenant ID.

Your fleet, your users, your equipment, your knowledge entries, your conversations. All live in Azure Cosmos DB, partitioned by your tenant ID. Every query the API runs carries that ID. A query that doesn't carry it returns nothing from your tenant, by design of the partition model itself.

Cosmos DB · partition key
Search index

The retrieval layer that powers chat answers runs on Azure AI Search. Every search the system performs has a mandatory tenant filter, applied by the API middleware before the query ever reaches the index. Cross-tenant retrieval is blocked at the layer above the index, not left to the client to ask for politely.

AI Search · mandatory filter
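An added example, not Yardwise's own code, of the point made in the two cards above: the API layer, not the client, attaches the tenant ID to every Cosmos DB query and every search call, and refuses to run without one. The names (TenantContext, the field names, the allowlist) are assumptions; the query shape mirrors the query/parameters/partition_key arguments of the azure-cosmos SDK, and the filter string is the OData syntax Azure AI Search accepts.

```python
# Added example, not Yardwise code: making the tenant filter mandatory at the
# API layer before any query reaches Cosmos DB or Azure AI Search.
# TenantContext, the field names and the allowlist are assumptions.
from __future__ import annotations

from dataclasses import dataclass


class MissingTenantError(Exception):
    """Raised when a request reaches the data layer without a tenant ID."""


@dataclass(frozen=True)
class TenantContext:
    # Set by the auth middleware from the validated IdP token, never from a
    # query parameter or request body the client controls.
    tenant_id: str


def require_tenant(ctx: TenantContext | None) -> str:
    """Fail closed: no tenant context, no query."""
    if ctx is None or not ctx.tenant_id:
        raise MissingTenantError("request has no tenant context")
    return ctx.tenant_id


def build_cosmos_query(ctx: TenantContext | None, equipment_id: str) -> dict:
    """Build the arguments for a parameterised, single-partition Cosmos query.

    The shape mirrors the query/parameters/partition_key arguments of the
    azure-cosmos SDK's query_items() call. The tenant ID is used twice: as
    the partition key, so only that partition is read, and as a WHERE
    predicate, so a misconfigured partition key still cannot leak rows.
    """
    tenant_id = require_tenant(ctx)
    return {
        "query": (
            "SELECT * FROM c WHERE c.tenantId = @tenantId "
            "AND c.equipmentId = @equipmentId"
        ),
        "parameters": [
            {"name": "@tenantId", "value": tenant_id},
            {"name": "@equipmentId", "value": equipment_id},
        ],
        "partition_key": tenant_id,
    }


# Fields a caller may filter on in the search index. tenant_id is deliberately
# absent: callers never get to set it.
ALLOWED_SEARCH_FIELDS = frozenset({"equipment_id", "doc_type"})


def _odata_string(value: str) -> str:
    """Quote a value for an OData filter; a literal single quote is doubled."""
    return "'" + value.replace("'", "''") + "'"


def build_search_filter(
    ctx: TenantContext | None, extra: dict[str, str] | None = None
) -> str:
    """Return the OData $filter for an AI Search call, tenant clause first.

    Caller-supplied filters are built from an allowlisted field/value map,
    not accepted as a raw filter string, so a caller cannot OR or unbalance
    their way around the tenant clause.
    """
    tenant_id = require_tenant(ctx)
    clauses = [f"tenant_id eq {_odata_string(tenant_id)}"]
    for field, value in (extra or {}).items():
        if field not in ALLOWED_SEARCH_FIELDS:
            raise ValueError(f"field is not filterable: {field}")
        clauses.append(f"{field} eq {_odata_string(value)}")
    return " and ".join(clauses)
```

The check worth copying is the one in build_search_filter: the caller never hands over a filter string, only field/value pairs from an allowlist, because a raw string with an unbalanced parenthesis can turn "tenant and (theirs)" into "(tenant and theirs) or anything".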
Files

One container
per fleet.

The original PDFs, scans, photos of binder pages, and voice recordings live in Azure Blob Storage. Each tenant gets its own container. Download links are short-lived signed URLs, fifteen minutes, scoped to a single file inside that container. They expire on their own.

Blob Storage · per-tenant container
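An added example, not Yardwise's own code, of the download-link behaviour described above: a URL signed for one file in one tenant container, valid for fifteen minutes, rejected on expiry or if any part of the path is changed. Azure Blob Storage does this with a SAS token, which is an HMAC-SHA256 over a string-to-sign; this stand-in keeps that shape with a local key so it runs offline. The host, URL layout and query parameter names are assumptions.

```python
# Added example, not Yardwise code: a short-lived signed download URL scoped
# to a single blob in one tenant's container. Modelled on the SAS idea
# (HMAC over container, blob and expiry) but with a local demo key.
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

TTL_SECONDS = 15 * 60
# Constructed demo key. In production the signing key never leaves Key Vault
# or the storage account itself.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
BASE_URL = "https://files.example.invalid"  # assumed host


def _string_to_sign(container: str, blob: str, expires: int) -> bytes:
    # Container, blob and expiry are all covered by the signature, so a link
    # for one file cannot be replayed against another file, another tenant's
    # container, or a later time.
    return f"{container}\n{blob}\n{expires}".encode()


def _signature(container: str, blob: str, expires: int) -> str:
    return hmac.new(
        SIGNING_KEY, _string_to_sign(container, blob, expires), hashlib.sha256
    ).hexdigest()


def issue_download_url(tenant_container: str, blob: str, now: int) -> str:
    """Sign a link for exactly one blob, expiring TTL_SECONDS from now."""
    expires = now + TTL_SECONDS
    query = urlencode({"se": expires, "sig": _signature(tenant_container, blob, expires)})
    return f"{BASE_URL}/{tenant_container}/{blob}?{query}"


def verify_download_url(url: str, now: int) -> bool:
    """Accept only an unexpired link whose signature matches its own path."""
    parsed = urlparse(url)
    parts = parsed.path.lstrip("/").split("/", 1)
    if len(parts) != 2 or not parts[1]:
        return False
    container, blob = parts
    params = parse_qs(parsed.query)
    try:
        expires = int(params["se"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False
    if now >= expires:
        return False
    # Constant-time compare so the check does not leak how much of the
    # signature was right.
    return hmac.compare_digest(sig, _signature(container, blob, expires))
```

Because the container name is inside the signed string, a link minted for one fleet's container is useless against any other container even before the fifteen minutes run out.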
SIGN-ON

Use the identity
provider you already have.

We don't issue passwords. Your team signs in through your existing IdP. When someone leaves, you off-board them where you already do, and they're out of Yardwise the same minute.

Authentication
SSO via SAML 2.0 or OpenID Connect. Microsoft Entra ID, Okta, Google Workspace, and other standards-compliant providers. Confirm the provider list with your account team.
Password storage
None on our side. Your IdP authenticates the user. Yardwise receives a signed token, validates it, and uses the claims inside.
Provisioning
Just-in-time on first sign-in. Optional SCIM provisioning so the user list mirrors your IdP automatically. SCIM availability varies by plan.
Off-boarding
Disable the user in your IdP. Their next request fails token validation. They're out. No separate Yardwise account to remember to clean up.
Roles
Three roles inside Yardwise: Admin, Supervisor, Technician. Map them to groups in your IdP and the assignment follows the group membership. Change a group, the role changes.
MFA, conditional access
Enforced wherever your IdP enforces them. Yardwise inherits whatever policy you already run. Geo-fencing, device posture, MFA prompts, all of it sits with you.
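An added example, not Yardwise's own code, of the sign-on items above taken together: what an API does with a token after the IdP has signed it. Signature verification against the IdP's published keys is assumed to have happened already in a JWT library; this part checks the remaining claims, binds the token to one tenant by issuer, and maps the groups claim to one of the three roles, with no default role for a user whose groups map to nothing. The issuer URLs, group IDs and claim names are constructed samples.

```python
# Added example, not Yardwise code: claim checks and group-to-role mapping
# for a token the IdP signed. Signature verification is assumed done by a
# JWT library before this runs. Issuer URLs, group IDs and the audience
# value are assumptions.
from __future__ import annotations

ROLE_RANK = {"Admin": 3, "Supervisor": 2, "Technician": 1}
EXPECTED_AUDIENCE = "yardwise-api"  # assumed audience value

# Which issuer may vouch for which tenant. A token from any other issuer is
# rejected even if it is validly signed. Constructed sample.
ISSUER_TO_TENANT = {
    "https://idp.fleet-42.example.invalid": "fleet-42",
}

# Per-tenant mapping of IdP group IDs to roles. Constructed sample.
GROUP_ROLE_MAP = {
    "fleet-42": {
        "grp-admins": "Admin",
        "grp-supervisors": "Supervisor",
        "grp-techs": "Technician",
    },
}


class TokenRejected(Exception):
    """Raised for any token that should not get past the API."""


def validate_claims(claims: dict, now: float) -> dict:
    """Check issuer, audience, expiry and subject; return the bound identity."""
    issuer = claims.get("iss")
    if issuer not in ISSUER_TO_TENANT:
        raise TokenRejected("unknown issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in audiences:
        raise TokenRejected("token not issued for this API")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenRejected("token expired or has no expiry")
    if not claims.get("sub"):
        raise TokenRejected("token has no subject")
    return {
        "tenant_id": ISSUER_TO_TENANT[issuer],
        "subject": claims["sub"],
        "groups": list(claims.get("groups", [])),
    }


def resolve_role(tenant_id: str, groups: list[str]) -> str | None:
    """Map group membership to the single most privileged mapped role.

    A user whose groups map to nothing gets None, not a default role: an
    unmapped or off-boarded user must end up with no access, not Technician.
    """
    mapping = GROUP_ROLE_MAP.get(tenant_id, {})
    roles = [mapping[g] for g in groups if g in mapping]
    if not roles:
        return None
    return max(roles, key=ROLE_RANK.__getitem__)


def authorize(claims: dict, now: float) -> dict:
    """Full path: claims to a tenant-bound identity with a role, or rejection."""
    identity = validate_claims(claims, now)
    role = resolve_role(identity["tenant_id"], identity["groups"])
    if role is None:
        raise TokenRejected("no role mapped for this user")
    return {**identity, "role": role}
```

Two choices here carry the weight: the tenant comes from the issuer, not from a claim the token body could carry on its own, and an unmapped user is rejected rather than quietly given the lowest role.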
PRELOADED MANUALS

We load the
manuals. They live in your workspace.

We come in with a large library of OEM manuals already prepared for the makes and models you run. The moment they land in your tenant, they belong to your tenant. Same isolation rules as anything you upload yourself.

On day one

Your copy.
Your container.

Every manual we preload is written into your blob container, indexed against your tenant ID, and accessible only to your users. It is not a shared library. There is no central pool that all tenants read from.

Per-tenant copy · per-tenant index
After that

Anything you
add follows suit.

A PDF you upload, a photo of a binder page, a voice note from a senior tech. OCR runs, chunks get embedded, and the whole lot lands in your index. Never anyone else's. Same partition, same container, same filter.

Same path · same boundary
Privacy of use

Your queries
stay yours.

Questions your techs ask, notes your seniors write, conversations from your bay floor. None of it gets pooled into a global model, sold, or used to train a shared system. The model providers we call follow zero-retention terms on prompt content. Confirm exact retention terms with your account team.

No pooling · no training
INFRASTRUCTURE

Built on Azure.
Where you'd want it.

Everything runs on Azure managed services. One cloud, one billing relationship, one set of compliance evidence to chase if your security team ever needs it.

Compute
Azure Container Apps for the API and the document processing worker. Private endpoints. Autoscale on demand.
Database
Azure Cosmos DB, NoSQL API. Tenant-partitioned. 99.999% multi-region SLA available for enterprise.
Search & retrieval
Azure AI Search. Hybrid retrieval, vector plus keyword, with a mandatory tenant filter on every call.
File storage
Azure Blob Storage. One container per tenant. Soft delete and versioning available.
AI models
Azure OpenAI for completions and embeddings. Azure Speech for voice in and voice out. Calls stay inside Azure.
Secrets
Azure Key Vault. Service-to-service auth via managed identity. No connection strings or API keys in source, in containers, or on a developer's laptop.
Network
Azure Front Door at the edge with WAF policy. Private endpoints to the data tier. Outbound to Azure AI services over the Azure backbone.
Observability
Application Insights and Log Analytics. Structured logs, distributed traces, health probes. Alerts to our on-call.
Data residency
Configurable per tenant. United States and European Union regions standard. Other regions on request. Specific region availability is confirmed at contract.
Uptime SLA
99.9% target on Pro. Higher on Enterprise with multi-region active configuration.
ENCRYPTION

Encrypted on
the wire. And on the disk.

Standard for everything Azure manages, plus a few habits we keep on top of it.

In transit
TLS 1.3 between your users and our API. TLS 1.2 minimum. Older ciphers are off.
At rest
AES-256 across Cosmos DB, Blob Storage, Key Vault, and the search index. Microsoft-managed keys by default. Customer-managed keys available on Enterprise.
Backups
Cosmos DB continuous backup with 30-day point-in-time restore. Blob storage soft delete with configurable retention.
Key handling
All secrets, connection strings, and AI service keys live in Azure Key Vault. Engineers don't see production secrets. Services authenticate to each other with managed identities.
ACCESS & AUDIT

Three roles.
Every change logged.

Inside a fleet, who can do what is small enough to fit on the back of a card. Outside that, an immutable ledger of every change tells you exactly what happened, who did it, and when.

Role

Admin

"I run the workspace. I add users, set up SSO, decide who's a supervisor, and pull usage numbers when procurement asks."

Can: manage users and roles, change tenant settings, pull audit logs, delete documents.
Role

Supervisor

"I run the approval queue. Senior tech writes a note, I look at it, I sign it off or send it back."

Can: upload manuals, approve or reject knowledge entries, add equipment, view team usage.
Role

Technician

"I'm the one with grease on his hands. I ask the question, I listen to the answer, I get back to work."

Can: ask the chatbot, see approved knowledge, look up equipment. Cannot upload, approve, or delete.
Audit

The Ledger

"Anything that changes a record gets a row. Who. What. When. From which IP."

Includes: uploads, deletions, approvals, role changes, tenant settings. Two-year retention standard.
DESIGN DECISIONS

A few things
we chose on purpose.

Some of the specifics that shape how Yardwise handles your data. Worth knowing before you sign anything.

Each tenant is its own world

Your data is partitioned by your tenant ID in every layer, from the database through the search index. The API layer won't form a query that crosses tenants. Not for analytics, not for benchmarks.

Authentication lives in your directory

We trust signed tokens from your IdP. If you off-board someone there, they're off-boarded here at the same moment. No parallel account to clean up, no Yardwise password to forget.

Your knowledge stays in your index

The override your senior tech wrote about the mountain route stays in your index, serving your techs. It is not rolled into a model that another fleet benefits from.

AI calls stay inside your chosen region

If you're in the EU, your data and the AI calls that act on it stay in EU regions. If you're in the US, US. We don't route calls through wherever capacity happens to be cheapest.

SECURITY REVIEW

If your security team has the form,
we'll fill it out.

Procurement questionnaires, vendor reviews, DPAs. Send what you have and we'll turn it around. Founders take every call.

Walk through the
perimeter with us.

Half an hour with someone from your IT or security team. We map our controls to whatever framework you live by, and you leave the call with the document filled in. Or close enough that you finish it in fifteen minutes.

Book a security call [email protected]
Security contact [email protected]
Hosting Azure · US and EU regions
What we'll send back Architecture diagram, data flow diagram, and DPA, all on request.